crypto: testmgr - disallow plain ghash in FIPS mode - wireguard-linux

diff options

author	Nicolai Stange <nstange@suse.de>	2022-12-29 22:17:09 +0100
committer	Herbert Xu <herbert@gondor.apana.org.au>	2023-01-06 17:15:47 +0800
commit	2912eb9b17ac29facd799ffe05fdb7cf10017e82 (patch)
tree	ae2e1d378fd659c30589247fab9047af158559e2 /arch
parent	crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode (diff)
download	wireguard-linux-2912eb9b17ac29facd799ffe05fdb7cf10017e82.tar.xz wireguard-linux-2912eb9b17ac29facd799ffe05fdb7cf10017e82.zip

crypto: testmgr - disallow plain ghash in FIPS mode

ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by itself are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Diffstat (limited to 'arch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: