crypto: testmgr - allow authenc(sha224,rfc3686) variant in fips mode

[PATCH] crypto: testmgr - allow authenc(sha224,rfc3686) variant in fips mode

Posted by Aleksander Jan Bajkowski 1 month ago

The remaining combinations of AES-CTR-RFC3686 and SHA* have already been
marked as allowed in 8888690ef5f7. This commit does the same for SHA224.

rfc3686(ctr(aes)) is already marked fips compliant,
so these should be fine.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
---
 crypto/testmgr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a302be53896d..5bae4871690f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4137,6 +4137,10 @@ static const struct alg_test_desc alg_test_descs[] = {
 		.suite = {
 			.aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp)
 		}
+	}, {
+		.alg = "authenc(hmac(sha224),rfc3686(ctr(aes)))",
+		.test = alg_test_null,
+		.fips_allowed = 1,
 	}, {
 		.alg = "authenc(hmac(sha256),cbc(aes))",
 		.generic_driver = "authenc(hmac-sha256-lib,cbc(aes-generic))",
-- 
2.47.3

Re: [PATCH] crypto: testmgr - allow authenc(sha224,rfc3686) variant in fips mode

Posted by Herbert Xu 2 weeks, 1 day ago

On Thu, Jan 01, 2026 at 04:25:18PM +0100, Aleksander Jan Bajkowski wrote:
> The remaining combinations of AES-CTR-RFC3686 and SHA* have already been
> marked as allowed in 8888690ef5f7. This commit does the same for SHA224.
> 
> rfc3686(ctr(aes)) is already marked fips compliant,
> so these should be fine.
> 
> Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
> ---
>  crypto/testmgr.c | 4 ++++
>  1 file changed, 4 insertions(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt