lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1455010357-1295-1-git-send-email-meissner@suse.de>
Date:	Tue,  9 Feb 2016 10:32:37 +0100
From:	Marcus Meissner <meissner@...e.de>
To:	herbert@...dor.apana.org.au, davem@...emloft.net,
	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
	smueller@...onox.de
Cc:	Marcus Meissner <meissner@...e.de>
Subject: [PATCH] crypto: fips: allow more ipsec related methods

IPSEC for aes-ctr requests:

	authenc(digest_null,rfc3686(ctr(aes)))

which can be used in FIPS mode.

rfc3686(ctr(aes)) is already allowed for FIPS usage.

I also allowed "digest_null" for FIPS usage.

Signed-off-by: Marcus Meissner <meissner@...e.de>
---
 crypto/testmgr.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 190a290..6ad8ba2 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2089,6 +2089,10 @@ static const struct alg_test_desc alg_test_descs[] = {
 			}
 		}
 	}, {
+		.alg = "authenc(digest_null,rfc3686(ctr(aes)))",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+	}, {
 		.alg = "authenc(hmac(md5),ecb(cipher_null))",
 		.test = alg_test_aead,
 		.suite = {
@@ -2768,6 +2772,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "digest_null",
 		.test = alg_test_null,
+		.fips_allowed = 1,
 	}, {
 		.alg = "drbg_nopr_ctr_aes128",
 		.test = alg_test_drbg,
-- 
2.1.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ