crypto: testmgr - disallow plain ghash in FIPS mode

nicstange · herbertx · commit 2912eb9b17ac · 2023-01-06T17:15:47.000+08:00
ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by itself are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ghash",
 		.test = alg_test_hash,
-		.fips_allowed = 1,
 		.suite = {
 			.hash = __VECS(ghash_tv_template)
 		}

Original file line number	Diff line number	Diff line change
`@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = {`
`5125`	`5125`	`}, {`
`5126`	`5126`	`.alg = "ghash",`
`5127`	`5127`	`.test = alg_test_hash,`
`5128`		`- .fips_allowed = 1,`
`5129`	`5128`	`.suite = {`
`5130`	`5129`	`.hash = __VECS(ghash_tv_template)`
`5131`	`5130`	`}`