From 7758974cb5f78d9270b39b7711da91dbeeda4a1c Mon Sep 17 00:00:00 2001
From: Herbert Xu <zxu@redhat.com>
Date: Fri, 4 Mar 2022 13:34:44 +1200
Subject: [PATCH] crypto: hmac - add fips_skip support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2033512

commit c9c28ed0ab611b6ee3bfab88eba334e272642433
Author: Stephan Müller <smueller@chronox.de>
Date:   Tue Feb 1 09:40:58 2022 +0100

    crypto: hmac - add fips_skip support

    By adding the support for the flag fips_skip, hash / HMAC test vectors
    may be marked to be not applicable in FIPS mode. Such vectors are
    silently skipped in FIPS mode.

    Signed-off-by: Stephan Mueller <smueller@chronox.de>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Herbert Xu <zxu@redhat.com>
---
 crypto/testmgr.c | 3 +++
 crypto/testmgr.h | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 036f9b7b5211..aa8541b1dee0 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1854,6 +1854,9 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
 	}
 
 	for (i = 0; i < num_vecs; i++) {
+		if (fips_enabled && vecs[i].fips_skip)
+			continue;
+
 		err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate);
 		if (err)
 			goto out;
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 3ed6ab34ab51..ac42875cbf79 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -33,6 +33,7 @@
  * @ksize:	Length of @key in bytes (0 if no key)
  * @setkey_error: Expected error from setkey()
  * @digest_error: Expected error from digest()
+ * @fips_skip:	Skip the test vector in FIPS mode
  */
 struct hash_testvec {
 	const char *key;
@@ -42,6 +43,7 @@ struct hash_testvec {
 	unsigned short ksize;
 	int setkey_error;
 	int digest_error;
+	bool fips_skip;
 };
 
 /*