Re: [PATCH] crypto: testmgr - disallow certain DRBG hash functions in FIPS mode

From: Herbert Xu
Date: Fri Jan 27 2023 - 06:07:28 EST

Next message: Herbert Xu: "Re: [PATCH linux-next] crypto: aspeed - Use devm_platform_get_and_ioremap_resource()"
Previous message: Herbert Xu: "[PATCH] hwrng: starfive - Enable compile testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 17, 2023 at 06:20:06PM +0100, Vladis Dronov wrote:
> According to FIPS 140-3 IG, section D.R "Hash Functions Acceptable for
> Use in the SP 800-90A DRBGs", modules certified after May 16th, 2023
> must not support the use of: SHA-224, SHA-384, SHA512-224, SHA512-256,
> SHA3-224, SHA3-384. Disallow HMAC and HASH DRBGs using SHA-384 in FIPS
> mode.
>
> Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>
> ---
> Some details:
>
> The following DRBG algos are defined in testmgr.c as of now:
>
> drbg_{no,}pr_ctr_aes128
> drbg_{no,}pr_ctr_aes192
> drbg_{no,}pr_ctr_aes256
>
> drbg_{no,}pr_hmac_sha1
> drbg_{no,}pr_hmac_sha256
> drbg_{no,}pr_hmac_sha384 (disallow)
> drbg_{no,}pr_hmac_sha512
>
> drbg_{no,}pr_sha1
> drbg_{no,}pr_sha256
> drbg_{no,}pr_sha384 (disallow)
> drbg_{no,}pr_sha512
>
> Marked DRBGs should be disallowed in FIPS mode according to
> the requirements above.
> ---
> crypto/testmgr.c | 4 ----
> 1 file changed, 4 deletions(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Herbert Xu: "Re: [PATCH linux-next] crypto: aspeed - Use devm_platform_get_and_ioremap_resource()"
Previous message: Herbert Xu: "[PATCH] hwrng: starfive - Enable compile testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]