Searched hist:"1 c4428b2" (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/include/crypto/ |
H A D | xts.h | 1c4428b2 Thu Dec 29 15:17:05 CST 2022 Nicolai Stange <nstange@suse.de> crypto: xts - restrict key lengths to approved values in FIPS mode
According to FIPS 140-3 IG C.I., only (total) key lengths of either 256 bits or 512 bits are allowed with xts(aes). Make xts_verify_key() to reject anything else in FIPS mode.
As xts(aes) is the only approved xts() template instantiation in FIPS mode, the new restriction implemented in xts_verify_key() effectively only applies to this particular construction.
Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|