summaryrefslogtreecommitdiffstats
path: root/crypto/testmgr.c
diff options
context:
space:
mode:
authorStephan Mueller <smueller@chronox.de>2016-08-25 15:15:01 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2016-08-31 23:21:25 +0800
commit10faa8c0d6c3b22466f97713a9533824a2ea1c57 (patch)
tree3e6c48146665b6397a434d142cf1d2014d7fee68 /crypto/testmgr.c
parent93ba73fed31d0ec96489fedaeef1a1c402f9c8e4 (diff)
downloadlinux-10faa8c0d6c3b22466f97713a9533824a2ea1c57.tar.gz
linux-10faa8c0d6c3b22466f97713a9533824a2ea1c57.tar.bz2
linux-10faa8c0d6c3b22466f97713a9533824a2ea1c57.zip
crypto: FIPS - allow tests to be disabled in FIPS mode
In FIPS mode, additional restrictions may apply. If these restrictions are violated, the kernel will panic(). This patch allows test vectors for symmetric ciphers to be marked as to be skipped in FIPS mode. Together with the patch, the XTS test vectors where the AES key is identical to the tweak key is disabled in FIPS mode. This test vector violates the FIPS requirement that both keys must be different. Reported-by: Tapas Sarangi <TSarangi@trustwave.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
-rw-r--r--crypto/testmgr.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index c2a8bd38ef1f..0b01c3d062e2 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1008,6 +1008,9 @@ static int test_cipher(struct crypto_cipher *tfm, int enc,
if (template[i].np)
continue;
+ if (fips_enabled && template[i].fips_skip)
+ continue;
+
j++;
ret = -EINVAL;
@@ -1112,6 +1115,9 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
if (template[i].np && !template[i].also_non_np)
continue;
+ if (fips_enabled && template[i].fips_skip)
+ continue;
+
if (template[i].iv)
memcpy(iv, template[i].iv, ivsize);
else
@@ -1198,6 +1204,9 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
if (!template[i].np)
continue;
+ if (fips_enabled && template[i].fips_skip)
+ continue;
+
if (template[i].iv)
memcpy(iv, template[i].iv, ivsize);
else