* [PATCH] crypto: mark xts(aes) as fips_allowed
@ 2011-01-25 21:32 Jarod Wilson
0 siblings, 0 replies; only message in thread
From: Jarod Wilson @ 2011-01-25 21:32 UTC (permalink / raw)
To: linux-crypto; +Cc: Herbert Xu
We (Red Hat) are intending to include dm-crypt functionality, using
xts(aes) for disk encryption, as part of an upcoming FIPS-140-2
certification effort, and xts(aes) *is* on the list of possible
mode/cipher combinations that can be certified. To make that possible, we
need to mark xts(aes) as fips_allowed in the crypto subsystem.
A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests
passing successfully after this change.
Signed-off-by: Jarod Wilson <jarod@redhat.com>
---
crypto/testmgr.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 27ea9fe..521fdb2 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "xts(aes)",
.test = alg_test_skcipher,
+ .fips_allowed = 1,
.suite = {
.cipher = {
.enc = {
--
Jarod Wilson
jarod@redhat.com
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2011-01-25 21:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-01-25 21:32 [PATCH] crypto: mark xts(aes) as fips_allowed Jarod Wilson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.