crypto: testmgr - disallow RSA PKCS#1 SHA-1 sig algs in FIPS mode
authorJeff Barnes <jeffbarnes@linux.microsoft.com>
Thu, 23 Apr 2026 15:21:41 +0000 (11:21 -0400)
committerHerbert Xu <herbert@gondor.apana.org.au>
Thu, 7 May 2026 08:10:02 +0000 (16:10 +0800)
When booted with fips=1, RSA signature generation using SHA-1 must not be
available.  However, pkcs1pad(rsa,sha1) can currently be instantiated
because it is not present in alg_test_descs; alg_test() falls through the
no_test path and succeeds, after which the algorithm appears in
/proc/crypto as fips-capable.

Add explicit alg_test_descs entries for pkcs1pad(rsa,sha1) and
pkcs1(rsa,sha1) without marking them fips_allowed, so they are treated as
not FIPS-allowed when fips=1 is enabled.

Include both names to cover kernels where RSA sign/verify is provided via
the pkcs1(...) signature template, while pkcs1pad(...) remains for the
traditional wrapper naming and/or RSAES operations.

Signed-off-by: Jeff Barnes <jeffbarnes@linux.microsoft.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/testmgr.c

index 4199b7d3e9fb9998ebad3ab6196dd97f131361f5..9059bea7a5b034e4964e4feae8ab2a40802e1b9f 100644 (file)
@@ -5198,6 +5198,9 @@ static const struct alg_test_desc alg_test_descs[] = {
                .suite = {
                        .sig = __VECS(pkcs1_rsa_none_tv_template)
                }
+       }, {
+               .alg = "pkcs1(rsa,sha1)",
+               .test = alg_test_null,
        }, {
                .alg = "pkcs1(rsa,sha224)",
                .test = alg_test_null,
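Review bot: The new `pkcs1(rsa,sha1)` entry (and the matching `pkcs1pad(rsa,sha1)` entry in the second hunk at @@ -5233) has no comment explaining why a descriptor with `.test = alg_test_null` and no `.fips_allowed` is in the table at all, so a later cleanup could plausibly drop it as a no-op or "complete" it with `.fips_allowed = 1`, silently reopening the gap this commit closes. Suggest one line above each `.alg` line: `/* Deliberately not .fips_allowed: present so fips=1 rejects RSA/SHA-1 signatures. */`. Since alg_test_descs[] is searched by name and must stay sorted by `.alg`, it would also help reviewers if the description noted that both insertions keep that order (`)` sorts before `,`, and `sha1` before `sha224`); I believe the file's self-check for descriptor ordering lives outside this hunk, so confirm against it. alg_test_descs[] starts and ends outside the hunk.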
@@ -5233,6 +5236,9 @@ static const struct alg_test_desc alg_test_descs[] = {
                .alg = "pkcs1pad(rsa)",
                .test = alg_test_null,
                .fips_allowed = 1,
+       }, {
+               .alg = "pkcs1pad(rsa,sha1)",
+               .test = alg_test_null,
        }, {
                .alg = "rfc3686(ctr(aes))",
                .generic_driver = "rfc3686(ctr(aes-lib))",