Re: [PATCH] Documentation: crypto: add info about "fips=" boot option
From: Randy Dunlap <hidden>
Date: 2021-03-30 05:01:35
Also in:
linux-crypto, lkml
On 3/29/21 9:37 PM, Herbert Xu wrote:
> On Mon, Mar 29, 2021 at 09:00:01PM -0700, Randy Dunlap wrote:
>> + If fips_enabled = 1, some crypto tests are skipped.
>
> I don't think any tests are skipped. It does however disable many
> algorithms by essentially failing them at the testing stage.

That statement was based on crypto/testmgr.c (in 4 places):

    if (fips_enabled && template[i].fips_skip)
        continue;
and
    if (fips_enabled && vec->fips_skip)
        return 0;
and
    if (fips_enabled && !alg_test_descs[i].fips_allowed)
        goto non_fips_alg;
and
    if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
                         (j >= 0 && !alg_test_descs[j].fips_allowed)))
        goto non_fips_alg;

so it appears (at least to me) that there are some methods (infrastructure)
for tests to be skipped, but maybe none are actually using that possibility.

In any case, I don't mind dropping that part of the documentation.

thanks.
--
~Randy
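
The two kinds of check quoted in the message above (a per-vector fips_skip and a per-algorithm fips_allowed), shown as a simplified stand-alone model. This is an added example, not code from crypto/testmgr.c or from either poster. The struct layouts, the sample table, model_alg_test() and the -EINVAL/-ENOENT return values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins: only the two FIPS fields quoted in the mail are modelled. */
struct vec { const char *name; bool fips_skip; };
struct alg_desc { const char *alg; bool fips_allowed; const struct vec *vecs; int nvecs; };

static int fips_enabled; /* stands in for the value selected by "fips=" */

/* Constructed sample table, not the kernel's alg_test_descs[]. */
static const struct vec a_vecs[] = { {"v0", false}, {"v1", true}, {"v2", false} };
static const struct vec b_vecs[] = { {"v0", false} };
static const struct alg_desc descs[] = {
    { "alg_allowed",     true,  a_vecs, 3 },
    { "alg_not_allowed", false, b_vecs, 1 },
};

/* Returns the number of vectors run, -EINVAL when the algorithm is
 * rejected in FIPS mode (assumed outcome of the non_fips_alg path),
 * or -ENOENT when the name is not in the table. */
static int model_alg_test(const char *alg)
{
    for (size_t i = 0; i < sizeof(descs) / sizeof(descs[0]); i++) {
        if (strcmp(descs[i].alg, alg) != 0)
            continue;
        if (fips_enabled && !descs[i].fips_allowed)
            return -EINVAL;              /* whole algorithm refused */
        int ran = 0;
        for (int v = 0; v < descs[i].nvecs; v++) {
            if (fips_enabled && descs[i].vecs[v].fips_skip)
                continue;                /* single vector skipped */
            ran++;
        }
        return ran;
    }
    return -ENOENT;
}

int main(void)
{
    for (fips_enabled = 0; fips_enabled <= 1; fips_enabled++)
        for (size_t i = 0; i < sizeof(descs) / sizeof(descs[0]); i++)
            printf("fips=%d %s -> %d\n", fips_enabled, descs[i].alg,
                   model_alg_test(descs[i].alg));
    return 0;
}
```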