Skipping portions of cipher-suites test in FIPS mode

We need to skip some portions the system test in FIPS mode as some of the algorithms used in the test are not available when using the FIPS mode (e.g. TLS_CHACHA20_POLY1305_SHA256)
2024-01-15 17:21:45 +02:00
parent dffb11f2c0
commit dbcdd868f9
1 changed files with 12 additions and 4 deletions
--- a/bin/tests/system/cipher-suites/tests.sh
+++ b/bin/tests/system/cipher-suites/tests.sh
@@ -67,13 +67,19 @@ tls_xfer_expect_success "$testing" 4 example

 tls_xfer_expect_success "$testing" 2 example-aes-128
 tls_xfer_expect_success "$testing" 3 example-aes-256
-tls_xfer_expect_success "$testing" 4 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_success "$testing" 4 example-chacha-20
+fi

 tls_xfer_expect_failure "$testing" 2 example-aes-256
-tls_xfer_expect_failure "$testing" 2 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_failure "$testing" 2 example-chacha-20
+fi

 tls_xfer_expect_failure "$testing" 3 example-aes-128
-tls_xfer_expect_failure "$testing" 3 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_failure "$testing" 3 example-chacha-20
+fi

 tls_xfer_expect_failure "$testing" 4 example-aes-128
 tls_xfer_expect_failure "$testing" 4 example-aes-256
@@ -82,7 +88,9 @@ tls_xfer_expect_failure "$testing" 4 example-aes-256
 tls_xfer_expect_failure "$testing" 5 example
 tls_xfer_expect_failure "$testing" 5 example-aes-128
 tls_xfer_expect_failure "$testing" 5 example-aes-256
-tls_xfer_expect_failure "$testing" 5 example-chacha-20
+if ! $FEATURETEST --have-fips-mode; then
+  tls_xfer_expect_failure "$testing" 5 example-chacha-20
+fi

 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1