Blame SOURCES/gnutls-3.7.3-fix-tests-in-fips.patch

From 2c33761787f6530cf3984310a5f3b7dd05a7b375 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu, 17 Feb 2022 11:46:29 +0100
Subject: [PATCH] Disable some tests in fips mode
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
 tests/pkcs11/pkcs11-eddsa-privkey-test.c | 5 +++++
 tests/pkcs11/tls-neg-pkcs11-key.c        | 8 +++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
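--- a/tests/pkcs11/pkcs11-eddsa-privkey-test.c
+++ b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
@@ -107,6 +107,11 @@ void doit(void)
 		fail("%d: %s\n", ret, gnutls_strerror(ret));
 	}
 
+	if (gnutls_fips140_mode_enabled()) {
+		gnutls_global_deinit();
+		return;
+	}
+
 	gnutls_pkcs11_set_pin_function(pin_func, NULL);
 	gnutls_global_set_log_function(tls_log_func);
 	if (debug)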
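Review bot: The early return added after the global-init check makes the test finish with a success status in FIPS mode, so the harness would report PASS for a run that exercised nothing. If the suite follows the automake convention, calling `exit(77);` after `gnutls_global_deinit();` would report SKIP instead and keep the FIPS coverage gap visible in the results. A short comment such as `/* EdDSA keys are not usable in FIPS mode; skip */` would record the reason, which is inferred from the test's file name and not stated in the patch. doit's body continues outside the hunk.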
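--- a/tests/pkcs11/tls-neg-pkcs11-key.c
+++ b/tests/pkcs11/tls-neg-pkcs11-key.c
@@ -268,6 +268,7 @@ typedef struct test_st {
 	int exp_serv_err;
 	int needs_eddsa;
 	int needs_decryption;
+	int nofips;
 	unsigned requires_pkcs11_pss;
 } test_st;
 
@@ -340,6 +341,7 @@ static const test_st tests[] = {
 	 .cert = &server_ca3_eddsa_cert,
 	 .key = &server_ca3_eddsa_key,
 	 .exp_kx = GNUTLS_KX_ECDHE_RSA,
+	 .nofips = 1
 	},
 	{.name = "tls1.3: ecc key",
 	 .pk = GNUTLS_PK_ECDSA,
@@ -392,7 +394,8 @@ static const test_st tests[] = {
 	 .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
 	 .cert = &server_ca3_eddsa_cert,
 	 .key = &server_ca3_eddsa_key,
-	 .exp_kx = GNUTLS_KX_ECDHE_RSA
+	 .exp_kx = GNUTLS_KX_ECDHE_RSA,
+	 .nofips = 1
 	}
 };
 
@@ -448,6 +451,9 @@ void doit(void)
 	have_eddsa = verify_eddsa_presence();
 
 	for (i=0;i
+		if (tests[i].nofips && gnutls_fips140_mode_enabled())
+			continue;
+
 		if (tests[i].needs_eddsa && !have_eddsa)
 			continue;
 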
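Review bot: The FIPS skip added at the top of the loop in the last hunk is silent, so a FIPS-mode run passes without recording which negotiation cases were left out. Bracing the `if` and logging before `continue`, for example `success("skipping %s in FIPS mode\n", tests[i].name);` if the test utilities' logging helper is in scope in this file, would make the reduced coverage auditable. The new `nofips` member is also undocumented; a comment such as `/* skip this case when FIPS140 mode is enabled */` on the struct field would explain how it differs from `needs_eddsa`, given that both flagged entries use the EdDSA cert and key. The loop header is truncated on this page and doit continues outside the hunk, so the loop bounds are not reviewed here.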
-- 
2.35.1