crypto: des - disallow des3 in FIPS mode
authorStephan Müller <smueller@chronox.de>
Sun, 21 Nov 2021 15:10:33 +0000 (16:10 +0100)
committerHerbert Xu <herbert@gondor.apana.org.au>
Fri, 26 Nov 2021 05:25:18 +0000 (16:25 +1100)
On Dec 31 2023 NIST sunsets TDES for FIPS use. To prevent FIPS
validations completed in the future from being affected by the TDES
sunsetting, disallow TDES already now. Otherwise a FIPS validation would
need to be "touched again" at the end of 2023 to handle TDES accordingly.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/testmgr.c

index 58eee8eab4bf72060ac9630f52beab5abf71bbcd..5831d4bbc64fa6c3c1a7226ec46b542382f063e4 100644 (file)
@@ -4193,7 +4193,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha1),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp)
                }
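Review bot: The des3_ede entries lose their FIPS approval purely by omission of `.fips_allowed`, so nothing in the table records that the absence is deliberate; a short comment on the entry, e.g. `/* des3_ede: not FIPS-allowed, NIST sunsets TDES on Dec 31 2023 */`, would keep a later cleanup from re-adding the flag. The same applies to the other eight hunks (the authenc sha224/sha256/sha384/sha512 variants, cbc, cmac, ctr and ecb). Presumably any caller that still requests a des3_ede algorithm with FIPS mode enabled is now refused when it allocates the transform, so it is worth confirming that no des3_ede-based entry outside these hunks still carries the flag and that the refusal is the intended behaviour for existing configurations. The alg_test_descs table starts and ends outside the hunk.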
@@ -4220,7 +4219,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha224),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp)
                }
@@ -4240,7 +4238,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha256),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp)
                }
@@ -4261,7 +4258,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha384),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp)
                }
@@ -4289,7 +4285,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "authenc(hmac(sha512),cbc(des3_ede))",
                .test = alg_test_aead,
-               .fips_allowed = 1,
                .suite = {
                        .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp)
                }
@@ -4399,7 +4394,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "cbc(des3_ede)",
                .test = alg_test_skcipher,
-               .fips_allowed = 1,
                .suite = {
                        .cipher = __VECS(des3_ede_cbc_tv_template)
                },
@@ -4505,7 +4499,6 @@ static const struct alg_test_desc alg_test_descs[] = {
                }
        }, {
                .alg = "cmac(des3_ede)",
-               .fips_allowed = 1,
                .test = alg_test_hash,
                .suite = {
                        .hash = __VECS(des3_ede_cmac64_tv_template)
@@ -4580,7 +4573,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "ctr(des3_ede)",
                .test = alg_test_skcipher,
-               .fips_allowed = 1,
                .suite = {
                        .cipher = __VECS(des3_ede_ctr_tv_template)
                }
@@ -4846,7 +4838,6 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "ecb(des3_ede)",
                .test = alg_test_skcipher,
-               .fips_allowed = 1,
                .suite = {
                        .cipher = __VECS(des3_ede_tv_template)
                }