From 37eccb0988a3d817f6e7dd37fb5eed9891dca84a Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Wed, 1 May 2024 16:23:15 +0100
Subject: [PATCH] mh_sha1_murmur3_x64_128: return invalid algorithm if FIPS
 mode is enabled at start of the function

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 .../mh_sha1_murmur3_x64_128.c                 | 21 +++++++---------
 .../mh_sha1_murmur3_x64_128_param_test.c      | 24 ++++++++++++-------
 2 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128.c b/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128.c
index 0e9ff484..1c937451 100644
--- a/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128.c
+++ b/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128.c
@@ -79,14 +79,13 @@ int
 isal_mh_sha1_murmur3_x64_128_init(struct mh_sha1_murmur3_x64_128_ctx *ctx,
                                   const uint64_t murmur_seed)
 {
+#ifdef FIPS_MODE
+        return ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO;
+#else
 #ifdef SAFE_PARAM
         if (ctx == NULL)
                 return ISAL_CRYPTO_ERR_NULL_CTX;
 #endif
-
-#ifdef FIPS_MODE
-        return ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO;
-#else
         return mh_sha1_murmur3_x64_128_init(ctx, murmur_seed);
 #endif
 }
@@ -95,16 +94,15 @@ int
 isal_mh_sha1_murmur3_x64_128_update(struct mh_sha1_murmur3_x64_128_ctx *ctx, const void *buffer,
                                     const uint32_t len)
 {
+#ifdef FIPS_MODE
+        return ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO;
+#else
 #ifdef SAFE_PARAM
         if (ctx == NULL)
                 return ISAL_CRYPTO_ERR_NULL_CTX;
         if (buffer == NULL)
                 return ISAL_CRYPTO_ERR_NULL_SRC;
 #endif
-
-#ifdef FIPS_MODE
-        return ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO;
-#else
         return mh_sha1_murmur3_x64_128_update(ctx, buffer, len);
 #endif
 }
@@ -113,16 +111,15 @@ int
 isal_mh_sha1_murmur3_x64_128_finalize(struct mh_sha1_murmur3_x64_128_ctx *ctx, void *mh_sha1_digest,
                                       void *murmur3_x64_128_digest)
 {
+#ifdef FIPS_MODE
+        return ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO;
+#else
 #ifdef SAFE_PARAM
         if (ctx == NULL)
                 return ISAL_CRYPTO_ERR_NULL_CTX;
         if (mh_sha1_digest == NULL || murmur3_x64_128_digest == NULL)
                 return ISAL_CRYPTO_ERR_NULL_AUTH;
 #endif
-
-#ifdef FIPS_MODE
-        return ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO;
-#else
         return mh_sha1_murmur3_x64_128_finalize(ctx, mh_sha1_digest, murmur3_x64_128_digest);
 #endif
 }
diff --git a/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128_param_test.c b/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128_param_test.c
index 09773577..fdd397da 100644
--- a/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128_param_test.c
+++ b/mh_sha1_murmur3_x64_128/mh_sha1_murmur3_x64_128_param_test.c
@@ -50,15 +50,17 @@ test_mh_sha1_murmur3_x64_128_init_api(void)
                 return retval;
         }
 
+#ifdef FIPS_MODE
+        // Check for invalid algorithm error
+        ret = isal_mh_sha1_murmur3_x64_128_init(ctx, seed);
+        CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO, func_name, exit_init);
+#else
         // check null ctx
         ret = isal_mh_sha1_murmur3_x64_128_init(NULL, seed);
         CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_NULL_CTX, func_name, exit_init);
 
         // check valid params
         ret = isal_mh_sha1_murmur3_x64_128_init(ctx, seed);
-#ifdef FIPS_MODE
-        CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO, func_name, exit_init);
-#else
         CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_NONE, func_name, exit_init);
 #endif
 
@@ -86,6 +88,11 @@ test_mh_sha1_murmur3_x64_128_update_api(void)
                 goto exit_update;
         }
 
+#ifdef FIPS_MODE
+        // Check for invalid algorithm error
+        ret = isal_mh_sha1_murmur3_x64_128_update(ctx, buff, len);
+        CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO, func_name, exit_update);
+#else
         // check null ctx
         ret = isal_mh_sha1_murmur3_x64_128_update(NULL, buff, len);
         CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_NULL_CTX, func_name, exit_update);
@@ -96,9 +103,6 @@ test_mh_sha1_murmur3_x64_128_update_api(void)
 
         // check valid params
         ret = isal_mh_sha1_murmur3_x64_128_update(ctx, buff, len);
-#ifdef FIPS_MODE
-        CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO, func_name, exit_update);
-#else
         CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_NONE, func_name, exit_update);
 #endif
 
@@ -126,6 +130,11 @@ test_mh_sha1_murmur3_x64_128_finalize_api(void)
                 return retval;
         }
 
+#ifdef FIPS_MODE
+        // Check for invalid algorithm error
+        ret = isal_mh_sha1_murmur3_x64_128_finalize(ctx, mh_sha1_digest, murmur3_x64_128_digest);
+        CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO, func_name, exit_finalize);
+#else
         // check null ctx
         ret = isal_mh_sha1_murmur3_x64_128_finalize(NULL, mh_sha1_digest, murmur3_x64_128_digest);
         CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_NULL_CTX, func_name, exit_finalize);
@@ -140,9 +149,6 @@ test_mh_sha1_murmur3_x64_128_finalize_api(void)
 
         // check valid params
         ret = isal_mh_sha1_murmur3_x64_128_finalize(ctx, mh_sha1_digest, murmur3_x64_128_digest);
-#ifdef FIPS_MODE
-        CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_FIPS_INVALID_ALGO, func_name, exit_finalize);
-#else
         CHECK_RETURN_GOTO(ret, ISAL_CRYPTO_ERR_NONE, func_name, exit_finalize);
 #endif