summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorNicolai Stange <nstange@suse.de>2022-12-29 22:17:10 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2023-01-06 10:15:47 +0100
commitc27b2d2012e1826674255b9e45b61c172a267e1c (patch)
tree8225b91f54e69a3e49604c97214c1468c9273e80 /crypto
parentcrypto: testmgr - disallow plain ghash in FIPS mode (diff)
downloadlinux-c27b2d2012e1826674255b9e45b61c172a267e1c.tar.xz
linux-c27b2d2012e1826674255b9e45b61c172a267e1c.zip
crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
The kernel provides implementations of the NIST ECDSA signature verification primitives. For key sizes of 256 and 384 bits respectively they are approved and can be enabled in FIPS mode. Do so. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/testmgr.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a223cf5f3626..795c4858c741 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdsa-nist-p256",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p256_tv_template)
}
}, {
.alg = "ecdsa-nist-p384",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p384_tv_template)
}