| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20221229203708.13628-7-vdronov@redhat.com>
Date: Thu, 29 Dec 2022 21:37:08 +0100
From: Vladis Dronov <vdronov@...hat.com>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S . Miller" <davem@...emloft.net>
Cc: Nicolai Stange <nstange@...e.de>, Elliott Robert <elliott@....com>,
Stephan Mueller <smueller@...onox.de>,
Eric Biggers <ebiggers@...gle.com>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
Vladis Dronov <vdronov@...hat.com>
Subject: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
From: Nicolai Stange <nstange@...e.de>
The kernel provides implementations of the NIST ECDSA signature
verification primitives. For key sizes of 256 and 384 bits respectively
they are approved and can be enabled in FIPS mode. Do so.
Signed-off-by: Nicolai Stange <nstange@...e.de>
Signed-off-by: Vladis Dronov <vdronov@...hat.com>
Reviewed-by: Eric Biggers <ebiggers@...gle.com>
---
crypto/testmgr.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a223cf5f3626..795c4858c741 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdsa-nist-p256",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p256_tv_template)
}
}, {
.alg = "ecdsa-nist-p384",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p384_tv_template)
}
--
2.38.1
Powered by blists - more mailing lists