crypto: testmgr - mark xts(aes) as fips_allowed

We (Red Hat) are intending to include dm-crypt functionality, using xts(aes) for disk encryption, as part of an upcoming FIPS-140-2 certification effort, and xts(aes) *is* on the list of possible mode/cipher combinations that can be certified. To make that possible, we need to mark xts(aes) as fips_allowed in the crypto subsystem. A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests passing successfully after this change. Signed-off-by: Jarod Wilson <[email protected]> Signed-off-by: Herbert Xu <[email protected]>
kishon · Jan 29, 2011 · 2918aa8 · 2918aa8
1 parent 33c7c0f
commit 2918aa8
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
@@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "xts(aes)",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {