Re: [PATCH RFC] crypto/hkdf: Skip tests with keys too short in FIPS mode

From: Li Tian
Date: Tue Dec 16 2025 - 19:09:10 EST

Next message: David Hildenbrand (Red Hat): "Re: [PATCH 02/14] mm: Describe @flags parameter in memalloc_flags_save()"
Previous message: David Hildenbrand (Red Hat): "Re: [PATCH] mm: Consider non-anon swap cache folios in folio_expected_ref_count()"
Next in thread: Eric Biggers: "Re: [PATCH RFC] crypto/hkdf: Skip tests with keys too short in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 10, 2025 at 6:54 AM Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> What problem are you trying to solve?

Eric, as you've said "keylen < 14 check in the new version in
crypto/sha256.c." was forgotten.
IMHO, it deserves recovery in terms of FIPS. And by the time the check
is restored, the hkdf_test
cases failure will likely surface again. Hence the skipping in this proposal.

Li Tian

Next message: David Hildenbrand (Red Hat): "Re: [PATCH 02/14] mm: Describe @flags parameter in memalloc_flags_save()"
Previous message: David Hildenbrand (Red Hat): "Re: [PATCH] mm: Consider non-anon swap cache folios in folio_expected_ref_count()"
Next in thread: Eric Biggers: "Re: [PATCH RFC] crypto/hkdf: Skip tests with keys too short in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]