crypto: hmac - add fips_skip support

By adding the support for the flag fips_skip, hash / HMAC test vectors may be marked to be not applicable in FIPS mode. Such vectors are silently skipped in FIPS mode. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: hmac - add fips_skip support
By adding the support for the flag fips_skip, hash / HMAC test vectors may be marked to be not applicable in FIPS mode. Such vectors are silently skipped in FIPS mode. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
c9c28ed0 · Stephan Müller · Herbert Xu · 95e26b03 · c9c28ed0 · c9c28ed0
Commit c9c28ed0 authored Feb 01, 2022 by Stephan Müller Committed by Herbert Xu Feb 11, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

crypto/testmgr.c crypto/testmgr.c +3 -0

crypto/testmgr.h crypto/testmgr.h +2 -0

No files found.
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1851,6 +1851,9 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
 	}
 	for (i = 0; i < num_vecs; i++) {
+		if (fips_enabled && vecs[i].fips_skip)
+			continue;
 		err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate);
 		if (err)
 			goto out;

--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -33,6 +33,7 @@
 * @ksize:	Length of @key in bytes (0 if no key)
 * @setkey_error: Expected error from setkey()
 * @digest_error: Expected error from digest()
+ * @fips_skip:	Skip the test vector in FIPS mode
 */
 struct hash_testvec {
 	const char *key;
@@ -42,6 +43,7 @@ struct hash_testvec {
 	unsigned short ksize;
 	int setkey_error;
 	int digest_error;
+	bool fips_skip;
 };
 /*