diff options
| author | Jarod Wilson <jarod@redhat.com> | 2011-01-29 15:14:01 +1100 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2011-01-29 15:14:01 +1100 |
| commit | 2ea9cf31c700f0943b9669fdb9bd58b2573e5550 (patch) | |
| tree | 9c954416ee0ce9e39d865aab3b3ea5a3c1c7037a /crypto | |
| parent | 6cea8632d92d895ee8ab7f977e849f8ce53f9732 (diff) | |
| download | linux-crypto-2ea9cf31c700f0943b9669fdb9bd58b2573e5550.tar.gz linux-crypto-2ea9cf31c700f0943b9669fdb9bd58b2573e5550.zip | |
crypto: testmgr - mark xts(aes) as fips_allowed
We (Red Hat) are intending to include dm-crypt functionality, using
xts(aes) for disk encryption, as part of an upcoming FIPS-140-2
certification effort, and xts(aes) *is* on the list of possible
mode/cipher combinations that can be certified. To make that possible, we
need to mark xts(aes) as fips_allowed in the crypto subsystem.
A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests
passing successfully after this change.
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/testmgr.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 27ea9fe9..521fdb2f 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "xts(aes)", .test = alg_test_skcipher, + .fips_allowed = 1, .suite = { .cipher = { .enc = { |