1. Patchew
  2. linux
  3. [PATCH v2 0/6] Trivial set of FIPS 140-3 related changes
  4. View patch

[PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

Vladis Dronov posted 6 patches 2 years, 8 months ago
There is a newer version of this series
[PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
Posted by Vladis Dronov 2 years, 8 months ago 
From: Nicolai Stange <nstange@suse.de>

The kernel provides implementations of the NIST ECDSA signature
verification primitives. For key sizes of 256 and 384 bits respectively
they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
---
 crypto/testmgr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a223cf5f3626..795c4858c741 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ecdsa-nist-p256",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p256_tv_template)
 		}
 	}, {
 		.alg = "ecdsa-nist-p384",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p384_tv_template)
 		}
-- 
2.38.1
Re: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
Posted by Eric Biggers 2 years, 8 months ago 
On Thu, Dec 29, 2022 at 09:37:08PM +0100, Vladis Dronov wrote:
> From: Nicolai Stange <nstange@suse.de>
> 
> The kernel provides implementations of the NIST ECDSA signature
> verification primitives. For key sizes of 256 and 384 bits respectively
> they are approved and can be enabled in FIPS mode. Do so.
> 
> Signed-off-by: Nicolai Stange <nstange@suse.de>
> Signed-off-by: Vladis Dronov <vdronov@redhat.com>
> Reviewed-by: Eric Biggers <ebiggers@google.com>

Please don't add my Reviewed-by to patches I didn't review.  I only gave
Reviewed-by on "[PATCH 2/6] crypto: xts - drop xts_check_key()".  I didn't look
at the other patches in the series much, as I'm not very interested in them.

- Eric
Re: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
Posted by Vladis Dronov 2 years, 8 months ago 
On Thu, Dec 29, 2022 at 10:02 PM Eric Biggers <ebiggers@kernel.org> wrote:
> ... skip ...
> Please don't add my Reviewed-by to patches I didn't review.  I only gave
> Reviewed-by on "[PATCH 2/6] crypto: xts - drop xts_check_key()".  I didn't look
> at the other patches in the series much, as I'm not very interested in them.
>
> - Eric

My bad. I'm sorry for misunderstanding and this traffic and mess. Let me send v3
with your review tag for the patch 2/6 only.

Best regards,
Vladis

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.