diff options
author | Nicolai Stange <nstange@suse.de> | 2022-12-29 22:17:08 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-01-06 17:15:47 +0800 |
commit | 5a1604dd5a5edacff1acad29c865aed35e28d806 (patch) | |
tree | 6bdd7d22aa23f77f96e36e0196eb7a1cb593a6b9 /crypto/testmgr.c | |
parent | 107683ef5bf3d6b3c88a4535f56200149abb0a04 (diff) | |
download | linux-crypto-5a1604dd5a5edacff1acad29c865aed35e28d806.tar.gz linux-crypto-5a1604dd5a5edacff1acad29c865aed35e28d806.zip |
crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
cbcmac(aes) may be used only as part of the ccm(aes) construction in FIPS
mode. Since commit a11311e8eed9 ("crypto: api - allow algs only in specific
constructions in FIPS mode") there's support for using spawns which by
itself are marked as non-approved from approved template instantiations.
So simply mark plain cbcmac(aes) as non-approved in testmgr to block any
attempts of direct instantiations in FIPS mode.
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to '')
-rw-r--r-- | crypto/testmgr.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 4476ac97..562463a7 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4501,7 +4501,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { #endif .alg = "cbcmac(aes)", - .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = __VECS(aes_cbcmac_tv_template) |