crypto: cts - document NIST standard status

cts(cbc(aes)) as used in the kernel has been added to NIST
standard as CBC-CS3. Document it as such.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Suggested-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

1 files changed, 5 insertions, 2 deletions

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 752005201013..06eb23cade43 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -430,11 +430,14 @@ config CRYPTO_CTS
         help
           CTS: Cipher Text Stealing
           This is the Cipher Text Stealing mode as described by
-          Section 8 of rfc2040 and referenced by rfc3962.
-          (rfc3962 includes errata information in its Appendix A)
+          Section 8 of rfc2040 and referenced by rfc3962
+          (rfc3962 includes errata information in its Appendix A) or
+          CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
           This mode is required for Kerberos gss mechanism support
           for AES encryption.
 
+          See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
+
 config CRYPTO_ECB
         tristate "ECB support"
         select CRYPTO_BLKCIPHER