Add a new helper function, alg_test_fips_disabled() containing the
logic to decide if an algorithm is allowed to be tested.
Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
---
crypto/testmgr.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a216cb8b8caf..ab7c6724d36f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5771,6 +5771,17 @@ static int alg_fips_disabled(const char *driver, const char *alg)
return -ECANCELED;
}
+static int alg_test_fips_disabled(const struct alg_test_desc *desc)
+{
+ if (!fips_enabled)
+ return 0;
+
+ /*
+ * Only allow FIPS-allowed algorithms to be tested.
+ */
+ return !(desc->fips_allowed & FIPS_ALLOWED);
+}
+
int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
{
int i;
@@ -5795,7 +5806,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (i < 0)
goto notest;
- if (fips_enabled && !alg_test_descs[i].fips_allowed)
+ if (alg_test_fips_disabled(&alg_test_descs[i]))
goto non_fips_alg;
rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
@@ -5808,10 +5819,9 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
goto notest;
if (fips_enabled) {
- if (j >= 0 && !alg_test_descs[j].fips_allowed)
+ if (j >= 0 && alg_test_fips_disabled(&alg_test_descs[j]))
return -EINVAL;
-
- if (i >= 0 && !alg_test_descs[i].fips_allowed)
+ if (i >= 0 && alg_test_fips_disabled(&alg_test_descs[i]))
goto non_fips_alg;
}
@@ -5855,7 +5865,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (i < 0)
goto notest2;
- if (fips_enabled && !alg_test_descs[i].fips_allowed)
+ if (alg_test_fips_disabled(&alg_test_descs[i]))
goto non_fips_alg;
rc = alg_test_skcipher(alg_test_descs + i, driver, type, mask);
--
2.39.3
