Message ID | 20221108142025.13461-3-nstange@suse.de (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Herbert Xu |
Headers | show |
Series | Trivial set of FIPS 140-3 related changes | expand |
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index e2806ef044fd..1ffbe3abb84a 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4501,7 +4501,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { #endif .alg = "cbcmac(aes)", - .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = __VECS(aes_cbcmac_tv_template)
cbcmac(aes) may be used only as part of the ccm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by itself are marked as non-approved from approved template instantiations. So simply mark plain cbcmac(aes) as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode. Signed-off-by: Nicolai Stange <nstange@suse.de> --- crypto/testmgr.c | 1 - 1 file changed, 1 deletion(-)