From: Stephan Müller <smueller@atsec.com>
Subject: FIPS: remove .fips_allowed = 1 for ansi_cprng
Patch-mainline: Not yet, apply early in 2015 for strict FIPS 140-2 compliance
References: bnc#875853

As per SP800-131A and NIST interpretation, the ANSI X9.31 DRNG is not allowed
to be used in new FIPS 140-2 validations. Thus, it is a non-approved cipher.

Pulling this flag disallows its use in FIPS mode.

Note, I do not recommend to upstream this change (yet) as for revalidations,
ANSI X9.31 is allowed till the end of this year.

Signed-off-by: Stephan Müller <smueller@atsec.com>
Acked-by: Torsten Duwe <duwe@suse.de>

---
 crypto/testmgr.c |    1 -
 1 file changed, 1 deletion(-)

--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1797,7 +1797,6 @@ static const struct alg_test_desc alg_te
 	}, {
 		.alg = "ansi_cprng",
 		.test = alg_test_cprng,
-		.fips_allowed = 1,
 		.suite = {
 			.cprng = {
 				.vecs = ansi_cprng_aes_tv_template,
