lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <47404663.9NCU8GY7rF@tauon>
Date:	Fri, 23 Jan 2015 20:58:18 +0100
From:	Stephan Mueller <smueller@...ec.com>
To:	Jarod Wilson <jarod@...hat.com>
Cc:	linux-crypto@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] crypto/testmgr: mark rfc4106(gcm(aes)) as fips_allowed

Am Freitag, 23. Januar 2015, 12:42:15 schrieb Jarod Wilson:

Hi Jarod,

>This gcm variant is popular for ipsec use, and there are folks who
>would like to use it while in fips mode. Mark it with fips_allowed=1
>to facilitate that.

Acked-by: Stephan Mueller <smueller@...ec.com>

For the records: this change is ok as the RFC4106 "wrapper" only 
massages the input data like IV or keys without changing the 
cryptographic logic of GCM. As the basic cipher is not changed allowing 
RFC4106 is harmless with respect to FIPS 140-2 to use and apply this 
RFC4106 wrapper. This implies that the RFC4106 wrapper can be used in 
FIPS mode.
>
>CC: LKML <linux-kernel@...r.kernel.org>
>CC: Stephan Mueller <smueller@...ec.com>
>Signed-off-by: Jarod Wilson <jarod@...hat.com>
>---
> crypto/testmgr.c | 1 +
> 1 file changed, 1 insertion(+)
>
>diff --git a/crypto/testmgr.c b/crypto/testmgr.c
>index 235b1ff..758d028 100644
>--- a/crypto/testmgr.c
>+++ b/crypto/testmgr.c
>@@ -3293,6 +3293,7 @@ static const struct alg_test_desc
>alg_test_descs[] = { }, {
> 		.alg = "rfc4106(gcm(aes))",
> 		.test = alg_test_aead,
>+		.fips_allowed = 1,
> 		.suite = {
> 			.aead = {
> 				.enc = {


Ciao
Stephan


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ