Add a new constant FIPS_NON_CRYPTOGRAPHIC and add it to all the
algorithms that are allowed by FIPS due to their non-cryptographic
nature.
This will include CRC32* and all compression algorithms.
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
crypto/testmgr.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 4ca54cf6e244..a216cb8b8caf 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -148,6 +148,13 @@ struct kpp_test_suite {
*/
#define FIPS_ALLOWED 1
+/*
+ * Algorithm is not considered a cryptographic algorithm from
+ * a FIPS point of view and may be used for non-cryptographic
+ * purposes.
+ */
+#define FIPS_NON_CRYPTOGRAPHIC 2
+
struct alg_test_desc {
const char *alg;
const char *generic_driver;
@@ -4523,7 +4530,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "crc32",
.generic_driver = "crc32-lib",
.test = alg_test_hash,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.hash = __VECS(crc32_tv_template)
}
@@ -4531,7 +4538,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "crc32c",
.generic_driver = "crc32c-lib",
.test = alg_test_hash,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.hash = __VECS(crc32c_tv_template)
}
@@ -4654,7 +4661,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "deflate",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(deflate_comp_tv_template),
@@ -4664,7 +4671,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "deflate-iaa",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(deflate_comp_tv_template),
@@ -5211,7 +5218,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lz4",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lz4_comp_tv_template),
@@ -5221,7 +5228,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lz4hc",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lz4hc_comp_tv_template),
@@ -5231,7 +5238,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lzo",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lzo_comp_tv_template),
@@ -5241,7 +5248,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lzo-rle",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lzorle_comp_tv_template),
@@ -5679,7 +5686,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "zstd",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(zstd_comp_tv_template),
--
2.39.3
