Commit 2918aa8d authored by Jarod Wilson's avatar Jarod Wilson Committed by Herbert Xu

crypto: testmgr - mark xts(aes) as fips_allowed

We (Red Hat) are intending to include dm-crypt functionality, using
xts(aes) for disk encryption, as part of an upcoming FIPS-140-2
certification effort, and xts(aes) *is* on the list of possible
mode/cipher combinations that can be certified. To make that possible, we
need to mark xts(aes) as fips_allowed in the crypto subsystem.

A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests
passing successfully after this change.
Signed-off-by: default avatarJarod Wilson <jarod@redhat.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 33c7c0fb
...@@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = { ...@@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, { }, {
.alg = "xts(aes)", .alg = "xts(aes)",
.test = alg_test_skcipher, .test = alg_test_skcipher,
.fips_allowed = 1,
.suite = { .suite = {
.cipher = { .cipher = {
.enc = { .enc = {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment