From 9310d4250aa243e34099f152c10bc9f1e82b280b Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Sat, 28 Mar 2015 08:38:52 +0100
Subject: [PATCH] crypto-tester: Explicitly exclude FIPS-PRF from append mode tests

This was implicitly done by the seed length check before 58dda5d6, but we now require an explicit check to avoid that unsupported use.
---
 src/libstrongswan/crypto/crypto_tester.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 1047030..15ed173 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -920,14 +920,17 @@ METHOD(crypto_tester_t, test_prf, bool,
 {
 goto failure;
 }
- /* do partial append mode and check if key gets set correctly */
- if (!prf->get_bytes(prf, seed, NULL))
+ if (alg != PRF_FIPS_SHA1_160)
 {
- goto failure;
- }
- if (!prf->set_key(prf, key))
- {
- goto failure;
+ /* do partial append mode and check if key gets set correctly */
+ if (!prf->get_bytes(prf, seed, NULL))
+ {
+ goto failure;
+ }
+ if (!prf->set_key(prf, key))
+ {
+ goto failure;
+ }
 }
 /* allocated bytes */
 if (!prf->allocate_bytes(prf, seed, &out))
@@ -960,7 +963,7 @@ METHOD(crypto_tester_t, test_prf, bool,
 goto failure;
 }
 /* bytes to existing buffer, using append mode */
- if (seed.len > 2)
+ if (alg != PRF_FIPS_SHA1_160 && seed.len > 2)
 {
 memset(out.ptr, 0, out.len);
 if (vector->stateful)
--
2.7.4
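Review bot: The new `if (alg != PRF_FIPS_SHA1_160)` guard in the first hunk has no comment saying why FIPS-PRF is skipped; the reason (append mode is an unsupported use for that PRF) is recorded only in the commit message. I would put it next to the check, for example `/* FIPS-PRF does not support append mode, skip the partial get_bytes()/set_key() check */`, so that a reader of the self-test can see this is a deliberate coverage exclusion and not an oversight. The same condition is repeated in the second hunk at `if (alg != PRF_FIPS_SHA1_160 && seed.len > 2)`; evaluating it once into a local such as `bool append = alg != PRF_FIPS_SHA1_160;` would keep both sites in step if another PRF without append mode ever needs the same treatment. test_prf starts and ends outside both hunks, so that declaration would sit with locals not visible here.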