crypto: testmgr - disallow certain DRBG hash functions in FIPS mode

Vladis Dronov requested to merge NefigTut/centos-stream-9:drbg-fips into main
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2152131
Upstream Status: merged into herbert/cryptodev-2.6.git

According to FIPS 140-3 IG, section D.R "Hash Functions Acceptable for
Use in the SP 800-90A DRBGs", modules certified after May 16th, 2023
must not support the use of: SHA-224, SHA-384, SHA512-224, SHA512-256,
SHA3-224, SHA3-384. Disallow HMAC and HASH DRBGs using SHA-384 in FIPS
mode.
    
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Edited by Vladis Dronov
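
An audit-side check for the restriction described above, as an added example that is not part of the merge request or the kernel tree: it reads text in `/proc/crypto` format and flags DRBG drivers built on a hash from the disallowed list. It assumes the kernel's `drbg_{pr,nopr}_[hmac_]<hash>` driver naming; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the merge request.
# Hashes named in the IG D.R text quoted above, lowercased. The page names
# only SHA-384 DRBGs as affected; the other spellings are assumptions.
DISALLOWED="sha224 sha384 sha512-224 sha512-256 sha3-224 sha3-384"

# stdin: text in /proc/crypto format. stdout: flagged DRBG driver names.
flag_drbgs() {
    awk -v bad="$DISALLOWED" '
        function check(   h) {
            if (type != "rng" || drv !~ /^drbg_(pr|nopr)_/) return
            h = drv
            sub(/^drbg_(pr|nopr)_(hmac_)?/, "", h)   # keep only the core name
            if (h in deny) print drv
        }
        BEGIN          { n = split(bad, b, " "); for (i = 1; i <= n; i++) deny[b[i]] = 1 }
        $1 == "driver" { drv = $3 }
        $1 == "type"   { type = $3 }
        /^[ \t]*$/     { check(); drv = type = "" }   # blank line ends a record
        END            { check() }                    # last record has no blank line
    '
}

# Constructed sample listing (not captured from a real host).
sample_proc_crypto() {
    cat <<'EOF'
name         : stdrng
driver       : drbg_nopr_hmac_sha384
type         : rng

name         : stdrng
driver       : drbg_nopr_hmac_sha512
type         : rng

name         : stdrng
driver       : drbg_pr_sha384
type         : rng

name         : sha384
driver       : sha384-generic
type         : shash

name         : stdrng
driver       : drbg_nopr_ctr_aes256
type         : rng
EOF
}
```

On a live host, run `flag_drbgs < /proc/crypto` and read the result together with `/proc/sys/crypto/fips_enabled`, since the restriction applies only in FIPS mode.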
