crypto: des - disallow des3 in FIPS mode

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

On Dec 31 2023 NIST sunsets TDES for FIPS use. To prevent FIPS
validations to be completed in the future to be affected by the TDES
sunsetting, disallow TDES already now. Otherwise a FIPS validation would
need to be "touched again" end 2023 to handle TDES accordingly.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Stephan Müller and committed by

Herbert Xu 4 years ago 330507fb 1e146c39

-9

1 changed file

expand all

crypto

testmgr.c

-9

crypto/testmgr.c

··· 4193 4193 }, { 4194 4194 .alg = "authenc(hmac(sha1),cbc(des3_ede))", 4195 4195 .test = alg_test_aead, 4196 - .fips_allowed = 1, 4197 4196 .suite = { 4198 4197 .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp) 4199 4198 } ··· 4219 4220 }, { 4220 4221 .alg = "authenc(hmac(sha224),cbc(des3_ede))", 4221 4222 .test = alg_test_aead, 4222 - .fips_allowed = 1, 4223 4223 .suite = { 4224 4224 .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp) 4225 4225 } ··· 4238 4240 }, { 4239 4241 .alg = "authenc(hmac(sha256),cbc(des3_ede))", 4240 4242 .test = alg_test_aead, 4241 - .fips_allowed = 1, 4242 4243 .suite = { 4243 4244 .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp) 4244 4245 } ··· 4258 4261 }, { 4259 4262 .alg = "authenc(hmac(sha384),cbc(des3_ede))", 4260 4263 .test = alg_test_aead, 4261 - .fips_allowed = 1, 4262 4264 .suite = { 4263 4265 .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp) 4264 4266 } ··· 4285 4289 }, { 4286 4290 .alg = "authenc(hmac(sha512),cbc(des3_ede))", 4287 4291 .test = alg_test_aead, 4288 - .fips_allowed = 1, 4289 4292 .suite = { 4290 4293 .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp) 4291 4294 } ··· 4394 4399 }, { 4395 4400 .alg = "cbc(des3_ede)", 4396 4401 .test = alg_test_skcipher, 4397 - .fips_allowed = 1, 4398 4402 .suite = { 4399 4403 .cipher = __VECS(des3_ede_cbc_tv_template) 4400 4404 }, ··· 4499 4505 } 4500 4506 }, { 4501 4507 .alg = "cmac(des3_ede)", 4502 - .fips_allowed = 1, 4503 4508 .test = alg_test_hash, 4504 4509 .suite = { 4505 4510 .hash = __VECS(des3_ede_cmac64_tv_template) ··· 4573 4580 }, { 4574 4581 .alg = "ctr(des3_ede)", 4575 4582 .test = alg_test_skcipher, 4576 - .fips_allowed = 1, 4577 4583 .suite = { 4578 4584 .cipher = __VECS(des3_ede_ctr_tv_template) 4579 4585 } ··· 4838 4846 }, { 4839 4847 .alg = "ecb(des3_ede)", 4840 4848 .test = alg_test_skcipher, 4841 - .fips_allowed = 1, 4842 4849 .suite = { 4843 4850 .cipher = __VECS(des3_ede_tv_template) 4844 4851 }