Am Freitag, 23. Januar 2015, 12:42:15 schrieb Jarod Wilson: Hi Jarod,
>This gcm variant is popular for ipsec use, and there are folks who >would like to use it while in fips mode. Mark it with fips_allowed=1 >to facilitate that. Acked-by: Stephan Mueller <[email protected]> For the records: this change is ok as the RFC4106 "wrapper" only massages the input data like IV or keys without changing the cryptographic logic of GCM. As the basic cipher is not changed allowing RFC4106 is harmless with respect to FIPS 140-2 to use and apply this RFC4106 wrapper. This implies that the RFC4106 wrapper can be used in FIPS mode. > >CC: LKML <[email protected]> >CC: Stephan Mueller <[email protected]> >Signed-off-by: Jarod Wilson <[email protected]> >--- > crypto/testmgr.c | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/crypto/testmgr.c b/crypto/testmgr.c >index 235b1ff..758d028 100644 >--- a/crypto/testmgr.c >+++ b/crypto/testmgr.c >@@ -3293,6 +3293,7 @@ static const struct alg_test_desc >alg_test_descs[] = { }, { > .alg = "rfc4106(gcm(aes))", > .test = alg_test_aead, >+ .fips_allowed = 1, > .suite = { > .aead = { > .enc = { Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
