| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Feb 2016 10:32:37 +0100
From: Marcus Meissner <meissner@...e.de>
To: herbert@...dor.apana.org.au, davem@...emloft.net,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
smueller@...onox.de
Cc: Marcus Meissner <meissner@...e.de>
Subject: [PATCH] crypto: fips: allow more ipsec related methods
IPSEC for aes-ctr requests:
authenc(digest_null,rfc3686(ctr(aes)))
which can be used in FIPS mode.
rfc3686(ctr(aes)) is already allowed for FIPS usage.
I also allowed "digest_null" for FIPS usage.
Signed-off-by: Marcus Meissner <meissner@...e.de>
---
crypto/testmgr.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 190a290..6ad8ba2 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2089,6 +2089,10 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ .alg = "authenc(digest_null,rfc3686(ctr(aes)))",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
.alg = "authenc(hmac(md5),ecb(cipher_null))",
.test = alg_test_aead,
.suite = {
@@ -2768,6 +2772,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "digest_null",
.test = alg_test_null,
+ .fips_allowed = 1,
}, {
.alg = "drbg_nopr_ctr_aes128",
.test = alg_test_drbg,
--
2.1.4
Powered by blists - more mailing lists