Re: [PATCH v2] lib/crypto: Add FIPS self-tests for SHA-1 and SHA-2
From: Ard Biesheuvel
Date: Fri Oct 10 2025 - 20:17:49 EST

On Fri, 10 Oct 2025 at 17:12, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> Add FIPS cryptographic algorithm self-tests for all SHA-1 and SHA-2
> algorithms. Following the "Implementation Guidance for FIPS 140-3"
> document, to achieve this it's sufficient to just test a single test
> vector for each of HMAC-SHA1, HMAC-SHA256, and HMAC-SHA512.
>
> Just run these tests in the initcalls, following the example of e.g.
> crypto/kdf_sp800108.c. Note that this should meet the FIPS self-test
> requirement even in the built-in case, given that the initcalls run
> before userspace, storage, network, etc. are accessible.
>
> This does not fix a regression, seeing as lib/ has had SHA-1 support
> since 2005 and SHA-256 support since 2018. Neither ever had FIPS
> self-tests. Moreover, fips=1 support has always been an unfinished
> feature upstream. However, with lib/ now being used more widely, it's
> now seeing more scrutiny and people seem to want these now.
>
> Link: https://lore.kernel.org/linux-crypto/20250917184856.GA2560@quark/
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Reviewed-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
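
The self-test approach described in the quoted commit message (one known-answer vector each for HMAC-SHA1, HMAC-SHA256 and HMAC-SHA512, checked before anything else runs) is sketched below as an added userspace Python example; it is not the patch's kernel C code. The function names, the fail-hard policy and the injected fault are assumptions made for illustration; the vectors are the published RFC 2202 and RFC 4231 test case 1 values.

```python
import hashlib
import hmac

# Published known-answer vectors: RFC 2202 case 1 (HMAC-SHA1) and
# RFC 4231 case 1 (HMAC-SHA256, HMAC-SHA512). Key is 20 bytes of 0x0b.
KEY = b"\x0b" * 20
MSG = b"Hi There"
KAT = {
    "sha1": "b617318655057264e28bc0b6fb378c8ef146be00",
    "sha256": "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
    "sha512": "87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cde"
              "daa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854",
}

def hmac_digest(alg, key, msg):
    """Implementation under test: the platform's HMAC (hypothetical wrapper)."""
    return hmac.new(key, msg, getattr(hashlib, alg)).digest()

def failed_selftests(impl=hmac_digest):
    """Run one vector per algorithm; return the names that do not match."""
    failed = []
    for alg, expected in KAT.items():
        try:
            got = impl(alg, KEY, MSG)
        except Exception:
            failed.append(alg)  # an implementation that errors out also fails
            continue
        if not hmac.compare_digest(got, bytes.fromhex(expected)):
            failed.append(alg)
    return failed

def selftest_or_die(impl=hmac_digest):
    """Gate (assumed policy): refuse to continue if any vector fails."""
    failed = failed_selftests(impl)
    if failed:
        raise RuntimeError("self-test failed: " + ", ".join(failed))
    return True

def faulty_sha256(alg, key, msg):
    """Constructed fault: flips one output bit of HMAC-SHA256 only."""
    out = bytearray(hmac_digest(alg, key, msg))
    if alg == "sha256":
        out[-1] ^= 0x01
    return bytes(out)

if __name__ == "__main__":
    print("clean run:", failed_selftests())
    print("with injected fault:", failed_selftests(faulty_sha256))
```

Because HMAC calls the underlying hash on every block it processes, a single HMAC vector per family also exercises the plain hash, which is why one vector per algorithm is enough here.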