Disable some tests in fips mode

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

diff --git a/tests/pkcs11/pkcs11-eddsa-privkey-test.c b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
index 44515da3f4177f5f9f1a1c337fde5f093d5fdd11..ebbfe5278d98b0df204d6af067a03466aeeb676e 100644 (file)
--- a/tests/pkcs11/pkcs11-eddsa-privkey-test.c
+++ b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
@@ -107,6 +107,11 @@ void doit(void)
                fail("%d: %s\n", ret, gnutls_strerror(ret));
        }
 
+       if (gnutls_fips140_mode_enabled()) {
+               gnutls_global_deinit();
+               return;
+       }
+
        gnutls_pkcs11_set_pin_function(pin_func, NULL);
        gnutls_global_set_log_function(tls_log_func);
        if (debug)

diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c
index fc7c3dc4ea6df9e8f3d80c186716b089d9d019cc..5cc1ae6e2e48acfaca8b3aab74f440072e388272 100644 (file)
--- a/tests/pkcs11/tls-neg-pkcs11-key.c
+++ b/tests/pkcs11/tls-neg-pkcs11-key.c
@@ -268,6 +268,7 @@ typedef struct test_st {
        int exp_serv_err;
        int needs_eddsa;
        int needs_decryption;
+       int nofips;
        unsigned requires_pkcs11_pss;
 } test_st;
 
@@ -340,6 +341,7 @@ static const test_st tests[] = {
         .cert = &server_ca3_eddsa_cert,
         .key = &server_ca3_eddsa_key,
         .exp_kx = GNUTLS_KX_ECDHE_RSA,
+        .nofips = 1
        },
        {.name = "tls1.3: ecc key",
         .pk = GNUTLS_PK_ECDSA,
@@ -392,7 +394,8 @@ static const test_st tests[] = {
         .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
         .cert = &server_ca3_eddsa_cert,
         .key = &server_ca3_eddsa_key,
-        .exp_kx = GNUTLS_KX_ECDHE_RSA
+        .exp_kx = GNUTLS_KX_ECDHE_RSA,
+        .nofips = 1
        }
 };
 
@@ -448,6 +451,9 @@ void doit(void)
        have_eddsa = verify_eddsa_presence();
 
        for (i=0;i<sizeof(tests)/sizeof(tests[0]);i++) {
+               if (tests[i].nofips && gnutls_fips140_mode_enabled())
+                       continue;
+
                if (tests[i].needs_eddsa && !have_eddsa)
                        continue;