| Message ID | 20221229203708.13628-7-vdronov@redhat.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp2582277wrt;
Thu, 29 Dec 2022 12:44:17 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXu9MijMD51FJQoMMPQQn0ZSON44k5CVGZ9HtVjP33D8lYsCSeYxA4TWLMM6IloccsmHHnzk
X-Received: by 2002:a17:90a:d318:b0:219:23e5:dcbe with SMTP id
p24-20020a17090ad31800b0021923e5dcbemr46886001pju.19.1672346657055;
Thu, 29 Dec 2022 12:44:17 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672346657; cv=none;
d=google.com; s=arc-20160816;
b=hzsrIaxsDHcKKkcKTK/j2g1vPtPAkh2JpI/VSJb8DV4k/8zv9nurM6BgWShnNwFwND
Dl0hvspA4MdC6mpqNCkC6IO8VsZ77/N9/KIqrR4K/JpjMbnL2NTaIWO3wfk1lmFE6NhF
IgOW2KLYoV9wPqQyTvJVg5aryL5KjkTpZaj53rqPgrb61L6t4GWra5/YcNP4XZVkxz1U
Gg6vnwQ9TQcKGtlYKIS5L9lttpzpHfbHC79gEEr8fVxTDjfoRXh1sH/y5xLJKCO4PSF4
ajT9jZk9HpCuvcxXCpi1t32hn4Z03m41AgD/cXYda+XEgp7lURIm+FABc0yt3RLjImKn
xfjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=M/O7ovWlD6rDqALxE5fmNq+xJQTo2e2KoATZ05+fVUM=;
b=iZxolCpQcClzpqrl+sCaf+qm9XJXUG+0G+n0ZRPY6kZFiwvubpfI3VY6EhEFF4PZns
2Do8HfLqcp7kn+bkOXp3vI6ILtvgePvYU0VFwTjCnDgPzLott5Ho3TAf2GHwtSh/Q9bg
owKENACy27r0wx8n0iM8Mv9ogg+AUnNdTHbcZS3jDubTtxQb3ipRKg3NqUcgWnayIiLy
WfubaiJ/vbE9y40hyCr11qZCPILtu+ecPzEXfEV3wu/SnBx31vRvA5uEmgVFpSWtMslQ
b3RNpZebWSe67wiBcCQ6OyI+tuNG5i8ZQE4l+NRbRxSO8LtSjzjp0hILdo1gEL8fkvWy
KtjQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=i0mYWB8Z;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
pv13-20020a17090b3c8d00b00219de90bdc5si23268717pjb.20.2022.12.29.12.44.04;
Thu, 29 Dec 2022 12:44:17 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=i0mYWB8Z;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S234134AbiL2Uju (ORCPT <rfc822;eddaouddi.ayoub@gmail.com>
+ 99 others); Thu, 29 Dec 2022 15:39:50 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51524 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S234116AbiL2Uir (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 29 Dec 2022 15:38:47 -0500
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A1E01740A
for <linux-kernel@vger.kernel.org>;
Thu, 29 Dec 2022 12:38:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1672346279;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=M/O7ovWlD6rDqALxE5fmNq+xJQTo2e2KoATZ05+fVUM=;
b=i0mYWB8ZyU6WReOfsbQ2ZG9XEQeZEira0S6qdCVt7/Gvr46jKC5wDj5G2YSyrCv2qPfN+W
9tVAGVyp9AZs6P73DIWqzHC/m8c83mTn78Hy5fD/o8EMl/zgtrtMCZ9qxHGx3Rjfdqj+9H
4jCkB0iLxtkfg8Cp7LBYYq4OHxGNBzo=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
[66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-617-MPEltkLTPYOClQJQrA3BGA-1; Thu, 29 Dec 2022 15:37:56 -0500
X-MC-Unique: MPEltkLTPYOClQJQrA3BGA-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
[10.11.54.3])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C499929ABA00;
Thu, 29 Dec 2022 20:37:55 +0000 (UTC)
Received: from rules.brq.redhat.com (ovpn-208-2.brq.redhat.com [10.40.208.2])
by smtp.corp.redhat.com (Postfix) with ESMTP id 97DAF112132C;
Thu, 29 Dec 2022 20:37:53 +0000 (UTC)
From: Vladis Dronov <vdronov@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>
Cc: Nicolai Stange <nstange@suse.de>, Elliott Robert <elliott@hpe.com>,
Stephan Mueller <smueller@chronox.de>,
Eric Biggers <ebiggers@google.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Vladis Dronov <vdronov@redhat.com>
Subject: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in
FIPS mode
Date: Thu, 29 Dec 2022 21:37:08 +0100
Message-Id: <20221229203708.13628-7-vdronov@redhat.com>
In-Reply-To: <20221229203708.13628-1-vdronov@redhat.com>
References: <20221229203708.13628-1-vdronov@redhat.com>
MIME-Version: 1.0
Content-type: text/plain
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1753582568085956135?=
X-GMAIL-MSGID: =?utf-8?q?1753582568085956135?=
|
| Series |
Trivial set of FIPS 140-3 related changes
|
|
Commit Message
Vladis Dronov
Dec. 29, 2022, 8:37 p.m. UTC
From: Nicolai Stange <nstange@suse.de> The kernel provides implementations of the NIST ECDSA signature verification primitives. For key sizes of 256 and 384 bits respectively they are approved and can be enabled in FIPS mode. Do so. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Vladis Dronov <vdronov@redhat.com> Reviewed-by: Eric Biggers <ebiggers@google.com> --- crypto/testmgr.c | 2 ++ 1 file changed, 2 insertions(+)
Comments
On Thu, Dec 29, 2022 at 09:37:08PM +0100, Vladis Dronov wrote: > From: Nicolai Stange <nstange@suse.de> > > The kernel provides implementations of the NIST ECDSA signature > verification primitives. For key sizes of 256 and 384 bits respectively > they are approved and can be enabled in FIPS mode. Do so. > > Signed-off-by: Nicolai Stange <nstange@suse.de> > Signed-off-by: Vladis Dronov <vdronov@redhat.com> > Reviewed-by: Eric Biggers <ebiggers@google.com> Please don't add my Reviewed-by to patches I didn't review. I only gave Reviewed-by on "[PATCH 2/6] crypto: xts - drop xts_check_key()". I didn't look at the other patches in the series much, as I'm not very interested in them. - Eric
On Thu, Dec 29, 2022 at 10:02 PM Eric Biggers <ebiggers@kernel.org> wrote: > ... skip ... > Please don't add my Reviewed-by to patches I didn't review. I only gave > Reviewed-by on "[PATCH 2/6] crypto: xts - drop xts_check_key()". I didn't look > at the other patches in the series much, as I'm not very interested in them. > > - Eric My bad. I'm sorry for misunderstanding and this traffic and mess. Let me send v3 with your review tag for the patch 2/6 only. Best regards, Vladis
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a223cf5f3626..795c4858c741 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ecdsa-nist-p256", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p256_tv_template) } }, { .alg = "ecdsa-nist-p384", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p384_tv_template) }