diff mbox series

[2/4] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode

Message ID 20221108142025.13461-3-nstange@suse.de (mailing list archive)
State Changes Requested
Delegated to: Herbert Xu
Headers show
Series Trivial set of FIPS 140-3 related changes | expand

Commit Message

Nicolai Stange Nov. 8, 2022, 2:20 p.m. UTC
cbcmac(aes) may be used only as part of the ccm(aes) construction in FIPS
mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific
constructions in FIPS mode") there's support for using spawns which by
itself are marked as non-approved from approved template instantiations.
So simply mark plain cbcmac(aes) as non-approved in testmgr to block any
attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange <nstange@suse.de>
---
 crypto/testmgr.c | 1 -
 1 file changed, 1 deletion(-)
diff mbox series

Patch

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index e2806ef044fd..1ffbe3abb84a 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4501,7 +4501,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 #endif
 		.alg = "cbcmac(aes)",
-		.fips_allowed = 1,
 		.test = alg_test_hash,
 		.suite = {
 			.hash = __VECS(aes_cbcmac_tv_template)