crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode - kernel/linux.git

diff options

author	Ilya Dryomov <idryomov@gmail.com>	2026-06-03 18:50:04 +0300
committer	Herbert Xu <herbert@gondor.apana.org.au>	2026-06-12 04:56:45 +0300
commit	6b7e97752854b1f7bccc41864428ea3b55c53cde (patch)
tree	88bcadbc1c62ba35e26a9e9e25bd36f1e21aa492 /include/linux
parent	8d13f7a8450206e3f820cdb26e33e91d181071b4 (diff)
download	linux-6b7e97752854b1f7bccc41864428ea3b55c53cde.tar.xz

crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode

hmac(sha256), hmac(sha384) and cts(cbc(aes)) algorithms have been marked as FIPS allowed for years. Mark the respective authenc() constructions per RFC 8009 ("AES Encryption with HMAC-SHA2 for Kerberos 5") as such as well. SP 800-57 Part 3 Rev. 1 from Jan 2015 [1] links the draft of what became RFC 8009 in Oct 2016 as approved in section 6.3 Procurement Guidance (item/recommendation 3). [1] https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: