crypto: testmgr - Skip algs not flagged fips_allowed in fips mode

Because all fips-allowed algorithms must be self-tested before they can be used, they will all have entries in testmgr.c's alg_test_descs[]. Skip self-tests for any algs not flagged as fips_approved and return -EINVAL when in fips mode. Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: testmgr - Skip algs not flagged fips_allowed in fips mode
Because all fips-allowed algorithms must be self-tested before they can be used, they will all have entries in testmgr.c's alg_test_descs[]. Skip self-tests for any algs not flagged as fips_approved and return -EINVAL when in fips mode. Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jarod Wilson · Herbert Xu
1 parent a1915d51e8
Showing 1 changed file with 8 additions and 0 deletions Side-by-side Diff
crypto/testmgr.c
@@ -2308,6 +2308,9 @@
 		if (i < 0)
 			goto notest;
  
+		if (fips_enabled && !alg_test_descs[i].fips_allowed)
+			goto non_fips_alg;
+
 		rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
 		goto test_done;
 	}
@@ -2316,6 +2319,9 @@
 	if (i < 0)
 		goto notest;
  
+	if (fips_enabled && !alg_test_descs[i].fips_allowed)
+		goto non_fips_alg;
+
 	rc = alg_test_descs[i].test(alg_test_descs + i, driver,
 				      type, mask);
 test_done:
@@ -2331,6 +2337,8 @@
 notest:
 	printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
 	return 0;
+non_fips_alg:
+	return -EINVAL;
 }
 EXPORT_SYMBOL_GPL(alg_test);
...	...	@@ -2308,6 +2308,9 @@
2308	2308	if (i < 0)
2309	2309	goto notest;
2310	2310
	2311	+ if (fips_enabled && !alg_test_descs[i].fips_allowed)
	2312	+ goto non_fips_alg;
	2313	+
2311	2314	rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
2312	2315	goto test_done;
2313	2316	}
...	...	@@ -2316,6 +2319,9 @@
2316	2319	if (i < 0)
2317	2320	goto notest;
2318	2321
	2322	+ if (fips_enabled && !alg_test_descs[i].fips_allowed)
	2323	+ goto non_fips_alg;
	2324	+
2319	2325	rc = alg_test_descs[i].test(alg_test_descs + i, driver,
2320	2326	type, mask);
2321	2327	test_done:
...	...	@@ -2331,6 +2337,8 @@
2331	2337	notest:
2332	2338	printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
2333	2339	return 0;
	2340	+non_fips_alg:
	2341	+ return -EINVAL;
2334	2342	}
2335	2343	EXPORT_SYMBOL_GPL(alg_test);