diff options
author | 2022-12-29 22:17:09 +0100 | |
---|---|---|
committer | 2023-01-06 17:15:47 +0800 | |
commit | 2912eb9b17ac29facd799ffe05fdb7cf10017e82 (patch) | |
tree | ae2e1d378fd659c30589247fab9047af158559e2 /arch | |
parent | crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode (diff) | |
download | wireguard-linux-2912eb9b17ac29facd799ffe05fdb7cf10017e82.tar.xz wireguard-linux-2912eb9b17ac29facd799ffe05fdb7cf10017e82.zip |
crypto: testmgr - disallow plain ghash in FIPS mode
ghash may be used only as part of the gcm(aes) construction in FIPS
mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific
constructions in FIPS mode") there's support for using spawns which by
itself are marked as non-approved from approved template instantiations.
So simply mark plain ghash as non-approved in testmgr to block any attempts
of direct instantiations in FIPS mode.
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'arch')
0 files changed, 0 insertions, 0 deletions