git.ipfire.org Git - thirdparty/kernel/linux.git/commit
lib/crypto: Add FIPS self-tests for SHA-1 and SHA-2
author Eric Biggers <ebiggers@kernel.org>
Sat, 11 Oct 2025 00:10:47 +0000 (17:10 -0700)
committer Eric Biggers <ebiggers@kernel.org>
Thu, 30 Oct 2025 05:04:24 +0000 (22:04 -0700)
commit 04cadb4fe0341304741ef60a297366b553f0ce36
tree fd3edf7dd39617d4ae8fb52516bbb376830d1aae
parent dcb6fa37fd7bc9c3d2b066329b0d27dedf8becaa
lib/crypto: Add FIPS self-tests for SHA-1 and SHA-2

Add FIPS cryptographic algorithm self-tests for all SHA-1 and SHA-2
algorithms.  Following the "Implementation Guidance for FIPS 140-3"
document, to achieve this it's sufficient to just test a single test
vector for each of HMAC-SHA1, HMAC-SHA256, and HMAC-SHA512.

Just run these tests in the initcalls, following the example of e.g.
crypto/kdf_sp800108.c.  Note that this should meet the FIPS self-test
requirement even in the built-in case, given that the initcalls run
before userspace, storage, network, etc. are accessible.

This does not fix a regression, seeing as lib/ has had SHA-1 support
since 2005 and SHA-256 support since 2018.  Neither ever had FIPS
self-tests.  Moreover, fips=1 support has always been an unfinished
feature upstream.  However, with lib/ now being used more widely, it's
now seeing more scrutiny and people seem to want these now [1][2].

[1] https://lore.kernel.org/r/3226361.1758126043@warthog.procyon.org.uk/
[2] https://lore.kernel.org/r/f31dbb22-0add-481c-aee0-e337a7731f8e@oracle.com/

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20251011001047.51886-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
lib/crypto/fips.h [new file with mode: 0644]
lib/crypto/sha1.c
lib/crypto/sha256.c
lib/crypto/sha512.c
scripts/crypto/gen-fips-testvecs.py [new file with mode: 0755]
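
The pattern the commit message describes (one known-answer vector per HMAC algorithm, checked once at initialization, failing closed on mismatch) is sketched below as an added example. It is not code from this commit and not the contents of `scripts/crypto/gen-fips-testvecs.py`. The key, message, array name and all function names are assumptions made for illustration, and the "implementation under test" is a hand-built RFC 2104 HMAC standing in for the kernel's library code.

```python
import hashlib
import hmac

# Constructed inputs (hypothetical; not the kernel's actual test vector).
KEY = b"constructed FIPS self-test key"
MSG = b"constructed FIPS self-test message"
ALGS = ("sha1", "sha256", "sha512")

def gen_vectors():
    """Generator side: take expected MACs from a reference implementation."""
    return {alg: hmac.new(KEY, MSG, alg).digest() for alg in ALGS}

def emit_c_array(name, data):
    """Format bytes as a C array, the form a vector generator would emit."""
    rows = [", ".join(f"0x{b:02x}" for b in data[i:i + 8])
            for i in range(0, len(data), 8)]
    return f"static const u8 {name}[{len(data)}] = {{\n\t" + ",\n\t".join(rows) + ",\n};"

def hmac_under_test(alg, key, msg, opad_byte=0x5C):
    """Implementation under test: HMAC built by hand per RFC 2104."""
    block = hashlib.new(alg).block_size
    if len(key) > block:                      # long keys are hashed first
        key = hashlib.new(alg, key).digest()
    key = key.ljust(block, b"\0")
    inner = hashlib.new(alg, bytes(k ^ 0x36 for k in key) + msg).digest()
    return hashlib.new(alg, bytes(k ^ opad_byte for k in key) + inner).digest()

def self_test(vectors, impl=hmac_under_test):
    """Init-time known-answer test: one vector per algorithm, fail closed."""
    for alg, expected in vectors.items():
        if impl(alg, KEY, MSG) != expected:
            raise RuntimeError(f"self-test failed: hmac-{alg}")
    return True

def broken(alg, key, msg):
    """Simulated fault: wrong outer pad constant, as a corrupted build might have."""
    return hmac_under_test(alg, key, msg, opad_byte=0x5D)

if __name__ == "__main__":
    vecs = gen_vectors()
    print(emit_c_array("example_hmac_sha256_value", vecs["sha256"]))
    print("self-test passed:", self_test(vecs))
```

Passing `impl=broken` to `self_test` raises on the first algorithm checked, which is the behaviour a caller relies on to refuse service when the implementation does not reproduce the embedded vector.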