diff options
| author | Dimitri John Ledkov <dimitri.ledkov@canonical.com> | 2023-10-30 14:05:14 +0200 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-11-17 19:16:29 +0800 |
| commit | a9dc62988600e57cabcca9b357cde4df8ee61fb5 (patch) | |
| tree | 663295d141688c880cb0b8246fb5a7fcdd5d91f3 /crypto | |
| parent | 7ee44f1b59df29419e1bfdfd118fbcdd83c5398c (diff) | |
crypto: drbg - update FIPS CTR self-checks to aes256
When originally drbg was introduced FIPS self-checks for all types but
CTR were using the most preferred parameters for each type of
DRBG. Update CTR self-check to use aes256.
This patch updates code from 541af946fe ("crypto: drbg - SP800-90A
Deterministic Random Bit Generator"), but is not interesting to
cherry-pick for stable updates, because it doesn't affect regular
builds, nor has any tangible effect on FIPS certifcation.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/drbg.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c index e3baaa5777f9..52731bc57e70 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1478,8 +1478,8 @@ static int drbg_generate(struct drbg_state *drbg, err = alg_test("drbg_pr_hmac_sha256", "drbg_pr_hmac_sha256", 0, 0); else if (drbg->core->flags & DRBG_CTR) - err = alg_test("drbg_pr_ctr_aes128", - "drbg_pr_ctr_aes128", 0, 0); + err = alg_test("drbg_pr_ctr_aes256", + "drbg_pr_ctr_aes256", 0, 0); else err = alg_test("drbg_pr_sha256", "drbg_pr_sha256", 0, 0); @@ -2017,7 +2017,7 @@ static inline int __init drbg_healthcheck_sanity(void) return 0; #ifdef CONFIG_CRYPTO_DRBG_CTR - drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); + drbg_convert_tfm_core("drbg_nopr_ctr_aes256", &coreref, &pr); #endif #ifdef CONFIG_CRYPTO_DRBG_HASH drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); |