kdf,fips: Modify HKDF test for FIPS mode.

* tests/t-kdf.c (check_hkdf): Check if shorter salts are rejected correctly when FIPS mode. -- Fixes-commit: fbddfb964f0b1c1ec131194b2273c3f834041c84 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2022-06-21 15:38:56 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2022-06-21 15:38:56 +0900
commit: 07722d89bac1a739b084b4412c3ff42e215d5968 (patch)
tree: e7e9a9920edac3bfcecc6d86d993fa5dc2a114e5 /tests
parent: e0f0c788dc0f268965c0f63eb33d9f98c0575d58 (diff)
download: libgcrypt-07722d89bac1a739b084b4412c3ff42e215d5968.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 508e4bbe..4596c5c7 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1875,7 +1875,17 @@ check_hkdf (void)
                        info, infolen,
                        expectedlen, out);
   if (err)
-    fail ("HKDF test %d failed: %s\n", count, gpg_strerror (err));
+    {
+      if (in_fips_mode && saltlen < 14)
+        {
+          if (verbose)
+            fprintf (stderr,
+                     "  shorter salt (%lu) rejected correctly in fips mode\n",
+                     saltlen);
+        }
+      else
+        fail ("HKDF test %d failed: %s\n", count, gpg_strerror (err));
+    }
   else if (memcmp (out, expected, expectedlen))
     {
       fail ("HKDF test %d failed: mismatch\n", count);
author	NIIBE Yutaka <gniibe@fsij.org>	2022-06-21 15:38:56 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2022-06-21 15:38:56 +0900
commit	07722d89bac1a739b084b4412c3ff42e215d5968 (patch)
tree	e7e9a9920edac3bfcecc6d86d993fa5dc2a114e5 /tests
parent	e0f0c788dc0f268965c0f63eb33d9f98c0575d58 (diff)
download	libgcrypt-07722d89bac1a739b084b4412c3ff42e215d5968.tar.gz