diff mbox series

[v2,1/2] crypto: HMAC - add fips_skip support

Message ID 2682841.vuYhMxLoTh@positron.chronox.de (mailing list archive)
State Accepted
Delegated to: Herbert Xu
Headers show
Series crypto: HMAC - disallow keys < 112 bits in FIPS mode | expand

Commit Message

Stephan Mueller Feb. 1, 2022, 8:40 a.m. UTC 
By adding the support for the flag fips_skip, hash / HMAC test vectors
may be marked to be not applicable in FIPS mode. Such vectors are
silently skipped in FIPS mode.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/testmgr.c | 3 +++
 crypto/testmgr.h | 2 ++
 2 files changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 5831d4bbc64f..26674570ea72 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1854,6 +1854,9 @@  static int __alg_test_hash(const struct hash_testvec *vecs,
 	}
 
 	for (i = 0; i < num_vecs; i++) {
+		if (fips_enabled && vecs[i].fips_skip)
+			continue;
+
 		err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate);
 		if (err)
 			goto out;
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index a253d66ba1c1..17b37525f289 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -33,6 +33,7 @@ 
  * @ksize:	Length of @key in bytes (0 if no key)
  * @setkey_error: Expected error from setkey()
  * @digest_error: Expected error from digest()
+ * @fips_skip:	Skip the test vector in FIPS mode
  */
 struct hash_testvec {
 	const char *key;
@@ -42,6 +43,7 @@  struct hash_testvec {
 	unsigned short ksize;
 	int setkey_error;
 	int digest_error;
+	bool fips_skip;
 };
 
 /*