crypto: hmac - add fips_skip support

By adding the support for the flag fips_skip, hash / HMAC test vectors
may be marked to be not applicable in FIPS mode. Such vectors are
silently skipped in FIPS mode.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 3a5a3e5..0c2efde 100644 (file)
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1851,6 +1851,9 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
        }
 
        for (i = 0; i < num_vecs; i++) {
+               if (fips_enabled && vecs[i].fips_skip)
+                       continue;
+
                err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate);
                if (err)
                        goto out;

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index a253d66..17b3752 100644 (file)
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -33,6 +33,7 @@
  * @ksize:     Length of @key in bytes (0 if no key)
  * @setkey_error: Expected error from setkey()
  * @digest_error: Expected error from digest()
+ * @fips_skip: Skip the test vector in FIPS mode
  */
 struct hash_testvec {
        const char *key;
@@ -42,6 +43,7 @@ struct hash_testvec {
        unsigned short ksize;
        int setkey_error;
        int digest_error;
+       bool fips_skip;
 };
 
 /*