crypto-tester: Explicitly exclude FIPS-PRF from append mode tests
authorMartin Willi <martin@revosec.ch>
Sat, 28 Mar 2015 07:38:52 +0000 (08:38 +0100)
committerMartin Willi <martin@revosec.ch>
Sat, 28 Mar 2015 07:38:52 +0000 (08:38 +0100)
This was implicitly done by the seed length check before 58dda5d6, but we
now require an explicit check to avoid that unsupported use.

src/libstrongswan/crypto/crypto_tester.c

index 1047030..15ed173 100644 (file)
@@ -920,14 +920,17 @@ METHOD(crypto_tester_t, test_prf, bool,
                {
                        goto failure;
                }
-               /* do partial append mode and check if key gets set correctly */
-               if (!prf->get_bytes(prf, seed, NULL))
+               if (alg != PRF_FIPS_SHA1_160)
                {
-                       goto failure;
-               }
-               if (!prf->set_key(prf, key))
-               {
-                       goto failure;
+                       /* do partial append mode and check if key gets set correctly */
+                       if (!prf->get_bytes(prf, seed, NULL))
+                       {
+                               goto failure;
+                       }
+                       if (!prf->set_key(prf, key))
+                       {
+                               goto failure;
+                       }
                }
                /* allocated bytes */
                if (!prf->allocate_bytes(prf, seed, &out))
@@ -960,7 +963,7 @@ METHOD(crypto_tester_t, test_prf, bool,
                        goto failure;
                }
                /* bytes to existing buffer, using append mode */
-               if (seed.len > 2)
+               if (alg != PRF_FIPS_SHA1_160 && seed.len > 2)
                {
                        memset(out.ptr, 0, out.len);
                        if (vector->stateful)