crypto: testmgr - Disable raw RSA in FIPS mode

Message ID	Y+NrB5q1VcIIa+jk@gondor.apana.org.au
State	New
Headers	show Return-Path: <linux-crypto-owner@vger.kernel.org> Date: Wed, 8 Feb 2023 17:27:35 +0800 From: Herbert Xu <herbert@gondor.apana.org.au> To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>, Ondrej Mosnacek <omosnace@redhat.com> Cc: Clemens Lang <cllang@redhat.com> Subject: [PATCH] crypto: testmgr - Disable raw RSA in FIPS mode Message-ID: <Y+NrB5q1VcIIa+jk@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: bulk
Series	crypto: testmgr - Disable raw RSA in FIPS mode \| expand crypto: testmgr - Disable raw RSA in FIPS mode

Message ID

Y+NrB5q1VcIIa+jk@gondor.apana.org.au

State

New

Headers

Date: Wed, 8 Feb 2023 17:27:35 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        Ondrej Mosnacek <omosnace@redhat.com>
Cc: Clemens Lang <cllang@redhat.com>
Subject: [PATCH] crypto: testmgr - Disable raw RSA in FIPS mode
Message-ID: <Y+NrB5q1VcIIa+jk@gondor.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Precedence: bulk

Series

crypto: testmgr - Disable raw RSA in FIPS mode | expand

As FIPS is only able to verify the compliance of pkcs1pad the underlying "rsa" algorithm should not be marked as fips_allowed. Reported-by: Clemens Lang <cllang@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Comments

Herbert Xu Feb. 14, 2023, 1:26 a.m. UTC | #1

On Thu, Feb 09, 2023 at 04:33:34PM +0100, Ondrej Mosnacek wrote:
>
> Seems to work as expected - with the patch I get the following lines
> in the kernel console (in FIPS MODE:

Thanks for checking Ondrej!

As Clemens informed me that this patch is no longer needed I'm
withdrawing it for now.

Cheers,

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index dd748832ed4a..6fbb56c6bd4c 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5467,7 +5467,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "rsa",
 		.test = alg_test_akcipher,
-		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(rsa_tv_template)
 		}

crypto: testmgr - Disable raw RSA in FIPS mode

Commit Message

Comments

Patch