crypto: testmgr - disallow plain ghash in FIPS mode

ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by itself are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode. Signed-off-by: Nicolai Stange <[email protected]> Signed-off-by: Vladis Dronov <[email protected]> Signed-off-by: Herbert Xu <[email protected]>
niw · Jan 6, 2023 · 2912eb9 · 2912eb9
1 parent 1ce94a8
commit 2912eb9
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ghash",
 		.test = alg_test_hash,
-		.fips_allowed = 1,
 		.suite = {
 			.hash = __VECS(ghash_tv_template)
 		}