diff options
author | Jarod Wilson <jarod@redhat.com> | 2011-01-29 15:14:01 +1100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2011-01-29 15:14:01 +1100 |
commit | 2918aa8d1d4e7b4586a5a89dc8406e1d431f5129 (patch) | |
tree | 587c737af80f24a1356202ce0c981f3b5120f523 | |
parent | 33c7c0fb20dbbaca67fcf362f875758ba312f58d (diff) | |
download | lwn-2918aa8d1d4e7b4586a5a89dc8406e1d431f5129.tar.gz lwn-2918aa8d1d4e7b4586a5a89dc8406e1d431f5129.zip |
crypto: testmgr - mark xts(aes) as fips_allowed
We (Red Hat) are intending to include dm-crypt functionality, using
xts(aes) for disk encryption, as part of an upcoming FIPS-140-2
certification effort, and xts(aes) *is* on the list of possible
mode/cipher combinations that can be certified. To make that possible, we
need to mark xts(aes) as fips_allowed in the crypto subsystem.
A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests
passing successfully after this change.
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/testmgr.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 27ea9fe9476f..521fdb2f7cfd 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "xts(aes)", .test = alg_test_skcipher, + .fips_allowed = 1, .suite = { .cipher = { .enc = { |