crypto: des - disallow des3 in FIPS mode

On Dec 31 2023 NIST sunsets TDES for FIPS use. To prevent FIPS
validations to be completed in the future to be affected by the TDES
sunsetting, disallow TDES already now. Otherwise a FIPS validation would
need to be "touched again" end 2023 to handle TDES accordingly.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 58eee8e..5831d4b 100644 (file)
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4193,7 +4193,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha1),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp)
                }
@@ -4220,7 +4219,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha224),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp)
                }
@@ -4240,7 +4238,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha256),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp)
                }
@@ -4261,7 +4258,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha384),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp)
                }
@@ -4289,7 +4285,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha512),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp)
                }
@@ -4399,7 +4394,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "cbc(des3_ede)",
                .test = alg_test_skcipher,
-               .fips_allowed = 1,
                .suite = {
                        .cipher = __VECS(des3_ede_cbc_tv_template)
                },
@@ -4505,7 +4499,6 @@ static const struct alg_test_desc alg_test_descs[] = {
                }
        }, {
                .alg = "cmac(des3_ede)",
-               .fips_allowed = 1,
                .test = alg_test_hash,
                .suite = {
                        .hash = __VECS(des3_ede_cmac64_tv_template)
@@ -4580,7 +4573,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "ctr(des3_ede)",
                .test = alg_test_skcipher,
-               .fips_allowed = 1,
                .suite = {
                        .cipher = __VECS(des3_ede_ctr_tv_template)
                }
@@ -4846,7 +4838,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "ecb(des3_ede)",
                .test = alg_test_skcipher,
-               .fips_allowed = 1,
                .suite = {
                        .cipher = __VECS(des3_ede_tv_template)
                }