From 2918aa8d1d4e7b4586a5a89dc8406e1d431f5129 Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Sat, 29 Jan 2011 15:14:01 +1100 Subject: crypto: testmgr - mark xts(aes) as fips_allowed We (Red Hat) are intending to include dm-crypt functionality, using xts(aes) for disk encryption, as part of an upcoming FIPS-140-2 certification effort, and xts(aes) *is* on the list of possible mode/cipher combinations that can be certified. To make that possible, we need to mark xts(aes) as fips_allowed in the crypto subsystem. A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests passing successfully after this change. Signed-off-by: Jarod Wilson Signed-off-by: Herbert Xu --- crypto/testmgr.c | 1 + 1 file changed, 1 insertion(+) (limited to 'crypto') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 27ea9fe9476f..521fdb2f7cfd 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "xts(aes)", .test = alg_test_skcipher, + .fips_allowed = 1, .suite = { .cipher = { .enc = { -- cgit v1.2.3-70-g09d2