Google Git
Sign in
android-kvm / linux / 1c4428b295884316eaff16be9c1d85f7c2361696
commit1c4428b295884316eaff16be9c1d85f7c2361696[log] [tgz]
authorNicolai Stange <nstange@suse.de>Thu Dec 29 22:17:05 2022 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>Fri Jan 06 17:15:46 2023 +0800
tree93daad08b6d207cffea11813ce6c96e641d92384
parent39a76cf1f5cecec2256ab2d20cf714573c5d994c [diff]
crypto: xts - restrict key lengths to approved values in FIPS mode

According to FIPS 140-3 IG C.I., only (total) key lengths of either
256 bits or 512 bits are allowed with xts(aes). Make xts_verify_key() to
reject anything else in FIPS mode.

As xts(aes) is the only approved xts() template instantiation in FIPS mode,
the new restriction implemented in xts_verify_key() effectively only
applies to this particular construction.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 file changed
tree: 93daad08b6d207cffea11813ce6c96e641d92384
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .cocciconfig
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .mailmap
  31. .rustfmt.toml
  32. COPYING
  33. CREDITS
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README