Add a new helper function, alg_test_fips_disabled() containing the logic to decide if an algorithm is allowed to be tested.
Signed-off-by: Vegard Nossum <[email protected]> --- crypto/testmgr.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a216cb8b8caf..ab7c6724d36f 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5771,6 +5771,17 @@ static int alg_fips_disabled(const char *driver, const char *alg) return -ECANCELED; } +static int alg_test_fips_disabled(const struct alg_test_desc *desc) +{ + if (!fips_enabled) + return 0; + + /* + * Only allow FIPS-allowed algorithms to be tested. + */ + return !(desc->fips_allowed & FIPS_ALLOWED); +} + int alg_test(const char *driver, const char *alg, u32 type, u32 mask) { int i; @@ -5795,7 +5806,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) if (i < 0) goto notest; - if (fips_enabled && !alg_test_descs[i].fips_allowed) + if (alg_test_fips_disabled(&alg_test_descs[i])) goto non_fips_alg; rc = alg_test_cipher(alg_test_descs + i, driver, type, mask); @@ -5808,10 +5819,9 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) goto notest; if (fips_enabled) { - if (j >= 0 && !alg_test_descs[j].fips_allowed) + if (j >= 0 && alg_test_fips_disabled(&alg_test_descs[j])) return -EINVAL; - - if (i >= 0 && !alg_test_descs[i].fips_allowed) + if (i >= 0 && alg_test_fips_disabled(&alg_test_descs[i])) goto non_fips_alg; } @@ -5855,7 +5865,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) if (i < 0) goto notest2; - if (fips_enabled && !alg_test_descs[i].fips_allowed) + if (alg_test_fips_disabled(&alg_test_descs[i])) goto non_fips_alg; rc = alg_test_skcipher(alg_test_descs + i, driver, type, mask); -- 2.39.3
