Message ID | 20221108142025.13461-4-nstange@suse.de (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Herbert Xu |
Headers | show |
Series | Trivial set of FIPS 140-3 related changes | expand |
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 1ffbe3abb84a..6d91a2acd119 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ghash", .test = alg_test_hash, - .fips_allowed = 1, .suite = { .hash = __VECS(ghash_tv_template) }
ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by itself are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode. Signed-off-by: Nicolai Stange <nstange@suse.de> --- crypto/testmgr.c | 1 - 1 file changed, 1 deletion(-)