From: Nicolai Stange <nstange@suse.de>
Date: Mon, 18 Jul 2022 12:32:41 +0200
Subject: [PATCH] crypto: testmgr - allow ecdsa-nist in FIPS mode
References: jsc#SLE-21132,bsc#1201258
Patch-mainline: Not yet, late change, might not be universally applicable

The kernel provides implementations of the NIST ECDSA signature verification
primitives. For key sizes of 256 and 384 bits respectively they are approved
and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange <nstange@suse.de>
---
 crypto/testmgr.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4923,12 +4923,14 @@ static const struct alg_test_desc alg_te
 	}, {
 		.alg = "ecdsa-nist-p256",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p256_tv_template)
 		}
 	}, {
 		.alg = "ecdsa-nist-p384",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p384_tv_template)
 		}