From: Jeff Barnes Date: Thu, 23 Apr 2026 15:21:41 +0000 (-0400) Subject: crypto: testmgr - disallow RSA PKCS#1 SHA-1 sig algs in FIPS mode X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=76d2e560c76dabbf9f31f4311069e68610d1ac18;p=thirdparty%2Fkernel%2Flinux.git crypto: testmgr - disallow RSA PKCS#1 SHA-1 sig algs in FIPS mode When booted with fips=1, RSA signature generation using SHA-1 must not be available. However, pkcs1pad(rsa,sha1) can currently be instantiated because it is not present in alg_test_descs; alg_test() falls through the no_test path and succeeds, after which the algorithm appears in /proc/crypto as fips-capable. Add explicit alg_test_descs entries for pkcs1pad(rsa,sha1) and pkcs1(rsa,sha1) without marking them fips_allowed, so they are treated as not FIPS-allowed when fips=1 is enabled. Include both names to cover kernels where RSA sign/verify is provided via the pkcs1(...) signature template, while pkcs1pad(...) remains for the traditional wrapper naming and/or RSAES operations. Signed-off-by: Jeff Barnes Signed-off-by: Herbert Xu --- diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 4199b7d3e9fb9..9059bea7a5b03 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5198,6 +5198,9 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .sig = __VECS(pkcs1_rsa_none_tv_template) } + }, { + .alg = "pkcs1(rsa,sha1)", + .test = alg_test_null, }, { .alg = "pkcs1(rsa,sha224)", .test = alg_test_null, @@ -5233,6 +5236,9 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "pkcs1pad(rsa)", .test = alg_test_null, .fips_allowed = 1, + }, { + .alg = "pkcs1pad(rsa,sha1)", + .test = alg_test_null, }, { .alg = "rfc3686(ctr(aes))", .generic_driver = "rfc3686(ctr(aes-lib))",
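Review bot: In the first hunk (crypto/testmgr.c around line 5198), the new "pkcs1(rsa,sha1)" entry deliberately omits .fips_allowed, so when fips=1 alg_test() rejects it on the descriptor check before .test is ever consulted; that is the intended mechanism, but nothing in the entry says so, and a one-line comment such as `/* no fips_allowed: SHA-1 signatures are not permitted in FIPS mode */` would stop a later contributor from "completing" the entry by analogy with its neighbours. Outside FIPS mode this is not a behaviour change, since alg_test_null is as permissive as the no-test fallback the commit message says the name previously fell through to. The placement keeps the table sorted with respect to the visible "pkcs1(rsa,sha224)" entry ("sha1" sorts before "sha224"), which matters because alg_find_test() locates entries by bsearch; the preceding entry's .alg string is not in the context shown, so it is worth confirming it also sorts before "pkcs1(rsa,sha1)".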
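Review bot: In the second hunk (crypto/testmgr.c around line 5236), the new "pkcs1pad(rsa,sha1)" entry is inserted directly beneath "pkcs1pad(rsa)", which carries `.fips_allowed = 1,`; the contrast is the whole point of the change, so a short comment on the new entry marking the missing flag as intentional would make the next reader (and the next copy-and-paste) less likely to add it back. Ordering is correct here: ')' sorts before ',', so "pkcs1pad(rsa)" precedes "pkcs1pad(rsa,sha1)", and both precede the following "rfc3686(ctr(aes))" entry. One thing to confirm on a fips=1 boot after this patch is that /proc/crypto no longer lists pkcs1pad(rsa,sha1) or pkcs1(rsa,sha1) as fips-capable, since that listing is the symptom the commit message describes and the patch adds no self-test that would otherwise catch a regression.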