crypto: hmac - add fips_skip support · tjh.dev/kernel@c9c28ed

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

crypto: hmac - add fips_skip support

By adding the support for the flag fips_skip, hash / HMAC test vectors
may be marked to be not applicable in FIPS mode. Such vectors are
silently skipped in FIPS mode.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Stephan Müller and committed by

Herbert Xu 4 years ago c9c28ed0 95e26b03

2 changed files

expand all

crypto

testmgr.c

testmgr.h

crypto/testmgr.c

··· 1851 1851 } 1852 1852 1853 1853 for (i = 0; i < num_vecs; i++) { 1854 + if (fips_enabled && vecs[i].fips_skip) 1855 + continue; 1856 + 1854 1857 err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate); 1855 1858 if (err) 1856 1859 goto out;

crypto/testmgr.h

··· 33 33 * @ksize: Length of @key in bytes (0 if no key) 34 34 * @setkey_error: Expected error from setkey() 35 35 * @digest_error: Expected error from digest() 36 + * @fips_skip: Skip the test vector in FIPS mode 36 37 */ 37 38 struct hash_testvec { 38 39 const char *key; ··· 43 42 unsigned short ksize; 44 43 int setkey_error; 45 44 int digest_error; 45 + bool fips_skip; 46 46 }; 47 47 48 48 /*