diff options
| author | Nicolai Stange <nstange@suse.de> | 2022-12-29 22:17:09 +0100 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-01-06 17:15:47 +0800 |
| commit | c2a730b9a8190fa228bd7ea23f0184cd8b21a513 (patch) | |
| tree | 169f9f529ba5784687193bfc56ee6146ad79e90f /crypto | |
| parent | 5a1604dd5a5edacff1acad29c865aed35e28d806 (diff) | |
| download | linux-crypto-c2a730b9a8190fa228bd7ea23f0184cd8b21a513.tar.gz linux-crypto-c2a730b9a8190fa228bd7ea23f0184cd8b21a513.zip | |
crypto: testmgr - disallow plain ghash in FIPS mode
ghash may be used only as part of the gcm(aes) construction in FIPS
mode. Since commit a11311e8eed9 ("crypto: api - allow algs only in specific
constructions in FIPS mode") there's support for using spawns which by
itself are marked as non-approved from approved template instantiations.
So simply mark plain ghash as non-approved in testmgr to block any attempts
of direct instantiations in FIPS mode.
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/testmgr.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 562463a7..a223cf5f 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ghash", .test = alg_test_hash, - .fips_allowed = 1, .suite = { .hash = __VECS(ghash_tv_template) } |