aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJarod Wilson <jarod@redhat.com>2011-01-29 15:14:01 +1100
committerHerbert Xu <herbert@gondor.apana.org.au>2011-01-29 15:14:01 +1100
commit2918aa8d1d4e7b4586a5a89dc8406e1d431f5129 (patch)
tree587c737af80f24a1356202ce0c981f3b5120f523
parent33c7c0fb20dbbaca67fcf362f875758ba312f58d (diff)
crypto: testmgr - mark xts(aes) as fips_allowed
We (Red Hat) are intending to include dm-crypt functionality, using xts(aes) for disk encryption, as part of an upcoming FIPS-140-2 certification effort, and xts(aes) *is* on the list of possible mode/cipher combinations that can be certified. To make that possible, we need to mark xts(aes) as fips_allowed in the crypto subsystem. A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests passing successfully after this change. Signed-off-by: Jarod Wilson <jarod@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/testmgr.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 27ea9fe9476..521fdb2f7cf 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "xts(aes)",
.test = alg_test_skcipher,
+ .fips_allowed = 1,
.suite = {
.cipher = {
.enc = {