From 2c385c0e13b9410429d1871504d320d59be93e9c Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Wed, 5 Jun 2019 15:21:19 +0200
Subject: [PATCH] tests/client/torture_auth: Skip some tests if in FIPS mode

If in FIPS mode, skip tests which require algorithms not allowed.  Also
use allowed algorithms when possible to avoid skipping the test.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 tests/client/torture_auth.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c
index de1b5984..aea76d32 100644
--- a/tests/client/torture_auth.c
+++ b/tests/client/torture_auth.c
@@ -616,7 +616,7 @@ static void torture_auth_pubkey_types(void **state)
 
     /* Disable RSA key types for authentication */
     rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
-                         "ssh-dss");
+                         "ecdsa-sha2-nistp384");
     assert_ssh_return_code(session, rc);
 
     rc = ssh_userauth_publickey_auto(session, NULL, NULL);
@@ -675,6 +675,10 @@ static void torture_auth_pubkey_types_ed25519(void **state)
     ssh_session session = s->ssh.session;
     int rc;
 
+    if (ssh_fips_mode()) {
+        skip();
+    }
+
     rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
     assert_ssh_return_code(session, rc);
 
@@ -734,7 +738,7 @@ static void torture_auth_pubkey_types_nonblocking(void **state)
 
     /* Disable RSA key types for authentication */
     rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
-                         "ssh-dss");
+                         "ecdsa-sha2-nistp521");
     assert_ssh_return_code(session, rc);
 
     do {
@@ -807,6 +811,10 @@ static void torture_auth_pubkey_types_ed25519_nonblocking(void **state)
     ssh_session session = s->ssh.session;
     int rc;
 
+    if (ssh_fips_mode()) {
+        skip();
+    }
+
     rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
     assert_ssh_return_code(session, rc);