diff options
| author | Dimitri John Ledkov <dimitri.ledkov@canonical.com> | 2023-10-30 13:05:16 +0100 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-11-17 12:16:29 +0100 |
| commit | bc197f5760025b61a33565301f4390886e0483db (patch) | |
| tree | 460fb90a942eb49bfd52757d68965a0dfd5ae78f /crypto/testmgr.c | |
| parent | crypto: drbg - ensure drbg hmac sha512 is used in FIPS selftests (diff) | |
| download | linux-bc197f5760025b61a33565301f4390886e0483db.tar.xz linux-bc197f5760025b61a33565301f4390886e0483db.zip | |
crypto: drbg - Remove SHA1 from drbg
SP800-90C 3rd draft states that SHA-1 will be removed from all
specifications, including drbg by end of 2030. Given kernels built
today will be operating past that date, start complying with upcoming
requirements.
No functional change, as SHA-256 / SHA-512 based DRBG have always been
the preferred ones.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
| -rw-r--r-- | crypto/testmgr.c | 25 |
1 files changed, 4 insertions, 21 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 15c7a3011269..59f0540d442e 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4846,14 +4846,6 @@ static const struct alg_test_desc alg_test_descs[] = { .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) } }, { - /* - * There is no need to specifically test the DRBG with every - * backend cipher -- covered by drbg_nopr_hmac_sha256 test - */ - .alg = "drbg_nopr_hmac_sha1", - .fips_allowed = 1, - .test = alg_test_null, - }, { .alg = "drbg_nopr_hmac_sha256", .test = alg_test_drbg, .fips_allowed = 1, @@ -4861,7 +4853,10 @@ static const struct alg_test_desc alg_test_descs[] = { .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) } }, { - /* covered by drbg_nopr_hmac_sha256 test */ + /* + * There is no need to specifically test the DRBG with every + * backend cipher -- covered by drbg_nopr_hmac_sha512 test + */ .alg = "drbg_nopr_hmac_sha384", .test = alg_test_null, }, { @@ -4872,10 +4867,6 @@ static const struct alg_test_desc alg_test_descs[] = { .drbg = __VECS(drbg_nopr_hmac_sha512_tv_template) } }, { - .alg = "drbg_nopr_sha1", - .fips_allowed = 1, - .test = alg_test_null, - }, { .alg = "drbg_nopr_sha256", .test = alg_test_drbg, .fips_allowed = 1, @@ -4907,10 +4898,6 @@ static const struct alg_test_desc alg_test_descs[] = { .fips_allowed = 1, .test = alg_test_null, }, { - .alg = "drbg_pr_hmac_sha1", - .fips_allowed = 1, - .test = alg_test_null, - }, { .alg = "drbg_pr_hmac_sha256", .test = alg_test_drbg, .fips_allowed = 1, @@ -4926,10 +4913,6 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_null, .fips_allowed = 1, }, { - .alg = "drbg_pr_sha1", - .fips_allowed = 1, - .test = alg_test_null, - }, { .alg = "drbg_pr_sha256", .test = alg_test_drbg, .fips_allowed = 1, |