lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <831c7380f7d89fd8fb3a3043cf3b3d01001ae0be.camel@redhat.com>
Date:   Tue, 14 Jun 2022 10:15:24 -0400
From:   Simo Sorce <simo@...hat.com>
To:     David Howells <dhowells@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>
Cc:     Jarkko Sakkinen <jarkko@...nel.org>, keyrings@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] certs: Add FIPS self-test for signature verification

On Mon, 2022-06-13 at 22:56 +0100, David Howells wrote:
> Hi Herbert,
> 
> If you could look over this pair of patches?  The second patch adds a simple
> selftest to allow the signature verification code so that it can be FIPS
> compliant.  The first moves load_certificate_list() to the asymmetric key code
> to make this easier and renames it.
> 
> I generated the test data myself, but I'm open to using some standard test
> data if you know of some; we don't want too much, however, as it's
> incompressible.  Also, it has avoid blacklist checks on the keys it is using,
> lest the UEFI blacklist cause the selftest to fail.
> 
> The patches can be found on the following branch:
> 
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> 
> David
> ---
> David Howells (2):
>       certs: Move load_certificate_list() to be with the asymmetric keys code
>       certs: Add FIPS selftests
> 
> 
>  certs/Makefile                           |   4 +-
>  certs/blacklist.c                        |   8 +-
>  certs/common.c                           |  57 ------
>  certs/common.h                           |   9 -
>  certs/system_keyring.c                   |   6 +-
>  crypto/asymmetric_keys/Kconfig           |  10 +
>  crypto/asymmetric_keys/Makefile          |   2 +
>  crypto/asymmetric_keys/selftest.c        | 224 +++++++++++++++++++++++
>  crypto/asymmetric_keys/x509_loader.c     |  57 ++++++
>  crypto/asymmetric_keys/x509_parser.h     |   9 +
>  crypto/asymmetric_keys/x509_public_key.c |   8 +-
>  include/keys/asymmetric-type.h           |   3 +
>  12 files changed, 321 insertions(+), 76 deletions(-)
>  delete mode 100644 certs/common.c
>  delete mode 100644 certs/common.h
>  create mode 100644 crypto/asymmetric_keys/selftest.c
>  create mode 100644 crypto/asymmetric_keys/x509_loader.c
> 
> 

Reviewed-by: Simo Sorce <simo@...hat.com>

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ