[PATCH] crypto: Restore sha384 and hmac

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] crypto: Restore sha384 and hmac_sha384 drbgs in FIPS mode
@ 2025-06-17 19:30 Jeff Barnes
  2025-06-23  9:25 ` Herbert Xu
  0 siblings, 1 reply; 2+ messages in thread
From: Jeff Barnes @ 2025-06-17 19:30 UTC (permalink / raw)
  To: Herbert Xu, David S . Miller; +Cc: linux-crypto, linux-kernel, jeffbarnes

Set .fips_allowed in the following drbg alg_test_desc structs.

drbg_nopr_hmac_sha384
drbg_nopr_sha384
drbg_pr_hmac_sha384
drbg_pr_sha384

The sha384 and hmac_sha384 DRBGs with and without prediction resistance
were disallowed in an early version of the FIPS 140-3 Implementation
Guidance document. Hence, the fips_allowed flag in struct alg_test_desc
pertaining to the affected DRBGs was unset. The IG has been withdrawn
and they are allowed again.

Furthermore, when the DRBGs are configured, /proc/crypto shows that
drbg_*pr_sha384 and drbg_*pr_hmac_sha384 are fips-approved ("fips: yes")
but because their self-tests are not run (a consequence of unsetting
the fips_allowed flag), the drbgs won't load successfully with the seeming
contradictory "fips: yes" in /proc/crypto.

This series contains a single patch that sets the fips_allowed flag in
the sha384-impacted DRBGs, which restores the ability to load them in
FIPS mode.

Link: https://lore.kernel.org/linux-crypto/979f4f6f-bb74-4b93-8cbf-6ed653604f0e@jvdsn.com/
Link: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

To: Herbert Xu <herbert@gondor.apana.org.au>
To: David S. Miller <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Jeff Barnes <jeffbarnes@linux.microsoft.com>
---
 crypto/testmgr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 2f5f6b52b2d4..815d1f31dbac 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4897,6 +4897,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 		 */
 		.alg = "drbg_nopr_hmac_sha384",
 		.test = alg_test_null,
+		.fips_allowed = 1
 	}, {
 		.alg = "drbg_nopr_hmac_sha512",
 		.test = alg_test_drbg,
@@ -4915,6 +4916,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 		/* covered by drbg_nopr_sha256 test */
 		.alg = "drbg_nopr_sha384",
 		.test = alg_test_null,
+		.fips_allowed = 1
 	}, {
 		.alg = "drbg_nopr_sha512",
 		.fips_allowed = 1,
@@ -4946,6 +4948,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 		/* covered by drbg_pr_hmac_sha256 test */
 		.alg = "drbg_pr_hmac_sha384",
 		.test = alg_test_null,
+		.fips_allowed = 1
 	}, {
 		.alg = "drbg_pr_hmac_sha512",
 		.test = alg_test_null,
@@ -4961,6 +4964,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 		/* covered by drbg_pr_sha256 test */
 		.alg = "drbg_pr_sha384",
 		.test = alg_test_null,
+		.fips_allowed = 1
 	}, {
 		.alg = "drbg_pr_sha512",
 		.fips_allowed = 1,
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] crypto: Restore sha384 and hmac_sha384 drbgs in FIPS mode
  2025-06-17 19:30 [PATCH] crypto: Restore sha384 and hmac_sha384 drbgs in FIPS mode Jeff Barnes
@ 2025-06-23  9:25 ` Herbert Xu
  0 siblings, 0 replies; 2+ messages in thread
From: Herbert Xu @ 2025-06-23  9:25 UTC (permalink / raw)
  To: Jeff Barnes; +Cc: David S . Miller, linux-crypto, linux-kernel

On Tue, Jun 17, 2025 at 03:30:05PM -0400, Jeff Barnes wrote:
> Set .fips_allowed in the following drbg alg_test_desc structs.
> 
> drbg_nopr_hmac_sha384
> drbg_nopr_sha384
> drbg_pr_hmac_sha384
> drbg_pr_sha384
> 
> The sha384 and hmac_sha384 DRBGs with and without prediction resistance
> were disallowed in an early version of the FIPS 140-3 Implementation
> Guidance document. Hence, the fips_allowed flag in struct alg_test_desc
> pertaining to the affected DRBGs was unset. The IG has been withdrawn
> and they are allowed again.
> 
> Furthermore, when the DRBGs are configured, /proc/crypto shows that
> drbg_*pr_sha384 and drbg_*pr_hmac_sha384 are fips-approved ("fips: yes")
> but because their self-tests are not run (a consequence of unsetting
> the fips_allowed flag), the drbgs won't load successfully with the seeming
> contradictory "fips: yes" in /proc/crypto.
> 
> This series contains a single patch that sets the fips_allowed flag in
> the sha384-impacted DRBGs, which restores the ability to load them in
> FIPS mode.
> 
> Link: https://lore.kernel.org/linux-crypto/979f4f6f-bb74-4b93-8cbf-6ed653604f0e@jvdsn.com/
> Link: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf
> 
> To: Herbert Xu <herbert@gondor.apana.org.au>
> To: David S. Miller <davem@davemloft.net>
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Signed-off-by: Jeff Barnes <jeffbarnes@linux.microsoft.com>
> ---
>  crypto/testmgr.c | 4 ++++
>  1 file changed, 4 insertions(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-06-23  9:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-17 19:30 [PATCH] crypto: Restore sha384 and hmac_sha384 drbgs in FIPS mode Jeff Barnes
2025-06-23  9:25 ` Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).