[PATCH 4/4] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

From: Nicolai Stange
Date: Tue Nov 08 2022 - 09:21:44 EST

Next message: Mirsad Goran Todorovac: "Re: INFO: BISECTED: rcu_preempt detected expedited stalls on CPUs/tasks (6.1.0-rc3): in cat /sys/kernel/debug/kmemleak"
Previous message: Nicolai Stange: "[PATCH 3/4] crypto: testmgr - disallow plain ghash in FIPS mode"
In reply to: Nicolai Stange: "[PATCH 3/4] crypto: testmgr - disallow plain ghash in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The kernel provides implementations of the NIST ECDSA signature
verification primitives. For key sizes of 256 and 384 bits respectively
they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
---
crypto/testmgr.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 6d91a2acd119..f641f9c830d8 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdsa-nist-p256",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p256_tv_template)
}
}, {
.alg = "ecdsa-nist-p384",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p384_tv_template)
}
--
2.38.0

Next message: Mirsad Goran Todorovac: "Re: INFO: BISECTED: rcu_preempt detected expedited stalls on CPUs/tasks (6.1.0-rc3): in cat /sys/kernel/debug/kmemleak"
Previous message: Nicolai Stange: "[PATCH 3/4] crypto: testmgr - disallow plain ghash in FIPS mode"
In reply to: Nicolai Stange: "[PATCH 3/4] crypto: testmgr - disallow plain ghash in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]