Skipping portions of cipher-suites test in FIPS mode

We need to skip some portions the system test in FIPS mode as some of
the algorithms used in the test are not available when using the FIPS
mode (e.g. TLS_CHACHA20_POLY1305_SHA256)

diff --git a/bin/tests/system/cipher-suites/tests.sh b/bin/tests/system/cipher-suites/tests.sh
index 2c8076717c499dc19e82343caea08056fac51b62..f5b28b79dfe8ade173bfa6afe7e775d0fed1ca48 100644 (file)
--- a/bin/tests/system/cipher-suites/tests.sh
+++ b/bin/tests/system/cipher-suites/tests.sh
@@ -67,13 +67,19 @@ tls_xfer_expect_success "$testing" 4 example
 
 tls_xfer_expect_success "$testing" 2 example-aes-128
 tls_xfer_expect_success "$testing" 3 example-aes-256
-tls_xfer_expect_success "$testing" 4 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_success "$testing" 4 example-chacha-20
+fi
 
 tls_xfer_expect_failure "$testing" 2 example-aes-256
-tls_xfer_expect_failure "$testing" 2 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_failure "$testing" 2 example-chacha-20
+fi
 
 tls_xfer_expect_failure "$testing" 3 example-aes-128
-tls_xfer_expect_failure "$testing" 3 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_failure "$testing" 3 example-chacha-20
+fi
 
 tls_xfer_expect_failure "$testing" 4 example-aes-128
 tls_xfer_expect_failure "$testing" 4 example-aes-256
@@ -82,7 +88,9 @@ tls_xfer_expect_failure "$testing" 4 example-aes-256
 tls_xfer_expect_failure "$testing" 5 example
 tls_xfer_expect_failure "$testing" 5 example-aes-128
 tls_xfer_expect_failure "$testing" 5 example-aes-256
-tls_xfer_expect_failure "$testing" 5 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_failure "$testing" 5 example-chacha-20
+fi
 
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1