crypto: testmgr - mark xts(aes) as fips_allowed

We (Red Hat) are intending to include dm-crypt functionality, using
xts(aes) for disk encryption, as part of an upcoming FIPS-140-2
certification effort, and xts(aes) *is* on the list of possible
mode/cipher combinations that can be certified. To make that possible, we
need to mark xts(aes) as fips_allowed in the crypto subsystem.

A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests
passing successfully after this change.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 27ea9fe..521fdb2 100644 (file)
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2453,6 +2453,7 @@ static const struct alg_test_desc alg_test_descs[] = {
        }, {
                .alg = "xts(aes)",
                .test = alg_test_skcipher,
+               .fips_allowed = 1,
                .suite = {
                        .cipher = {
                                .enc = {