From 58c92098d053aae7c78cc42bdd7c80c13efc89bb Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 24 Jun 2022 08:59:31 +0900
Subject: hmac,hkdf: Allow use of shorter salt for HKDF.

* cipher/md.c (prepare_macpads): Move the check to...
* src/visibility.c (gcry_mac_setkey): ... here.
* tests/t-kdf.c (check_hkdf): No failure is expected.

--

GnuPG-bug-id: 6039
Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 tests/t-kdf.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

(limited to 'tests/t-kdf.c')

diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 4596c5c7..508e4bbe 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1875,17 +1875,7 @@ check_hkdf (void)
                        info, infolen,
                        expectedlen, out);
   if (err)
-    {
-      if (in_fips_mode && saltlen < 14)
-        {
-          if (verbose)
-            fprintf (stderr,
-                     "  shorter salt (%lu) rejected correctly in fips mode\n",
-                     saltlen);
-        }
-      else
-        fail ("HKDF test %d failed: %s\n", count, gpg_strerror (err));
-    }
+    fail ("HKDF test %d failed: %s\n", count, gpg_strerror (err));
   else if (memcmp (out, expected, expectedlen))
     {
       fail ("HKDF test %d failed: mismatch\n", count);
-- 
cgit v1.2.1