crypto: hmac - add fips_skip support

By adding the support for the flag fips_skip, hash / HMAC test vectors
may be marked to be not applicable in FIPS mode. Such vectors are
silently skipped in FIPS mode.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 3a5a3e5cb77bf7de97b23bbb98901d1a5524ed55..0c2efde2f6c6591a68aeb17c57f53476a23f12ea 100644 (file)
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1851,6 +1851,9 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
        }
 
        for (i = 0; i < num_vecs; i++) {
+               if (fips_enabled && vecs[i].fips_skip)
+                       continue;
+
                err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate);
                if (err)
                        goto out;

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index a253d66ba1c1a41adee6fa0b46b3625d803f0048..17b37525f2890613813c5b68f230738932f463a7 100644 (file)
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -33,6 +33,7 @@
  * @ksize:     Length of @key in bytes (0 if no key)
  * @setkey_error: Expected error from setkey()
  * @digest_error: Expected error from digest()
+ * @fips_skip: Skip the test vector in FIPS mode
  */
 struct hash_testvec {
        const char *key;
@@ -42,6 +43,7 @@ struct hash_testvec {
        unsigned short ksize;
        int setkey_error;
        int digest_error;
+       bool fips_skip;
 };
 
 /*