From c3c705f82b0021ef61abf3d6d205755db2e7b7cd Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 16 Jul 2019 15:44:14 -0700
Subject: [PATCH] FIPS, HMAC, and PKCS8 One of the tests for PKCS8 depended on
 keys encrypted with a password that has only 8 letters. HMAC in FIPS mode
 requires a minimum of 12 bytes. Disabled that test case when FIPS is enabled.
 All components do get tested just not all together in that case.

---
 tests/api.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/api.c b/tests/api.c
index 672a54096..19389f6fb 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -20664,6 +20664,10 @@ static void test_wolfSSL_PKCS8_Compat(void)
 
 static void test_wolfSSL_PKCS8_d2i(void)
 {
+#ifndef WOLFSSL_FIPS
+    /* This test ends up using HMAC as a part of PBKDF2, and HMAC
+     * requires a 12 byte password in FIPS mode. This test ends up
+     * trying to use an 8 byte password. */
 #ifdef OPENSSL_ALL
     WOLFSSL_EVP_PKEY* pkey = NULL;
 #ifndef NO_FILESYSTEM
@@ -20817,6 +20821,7 @@ static void test_wolfSSL_PKCS8_d2i(void)
 
     printf(resultFmt, passed);
 #endif
+#endif /* WOLFSSL_FIPS */
 }
 
 static void test_wolfSSL_ERR_put_error(void)