[1/1] Disable fips-allowed for non-FIPS authenc ciphers

Message ID 1443110523-23473-2-git-send-email-john.haxby@oracle.com (mailing list archive)
State Superseded
Delegated to: Herbert Xu

Commit Message

John Haxby Sept. 24, 2015, 4:02 p.m. UTC
Tests that contain non-FIPS ciphers and hashes cannot themselves be
.fips-allowed because they will necessarily fail.

Signed-off-by: John Haxby <john.haxby@oracle.com>
---
 crypto/testmgr.c | 7 -------
 1 file changed, 7 deletions(-)

Comments

Stephan Mueller Sept. 24, 2015, 4:58 p.m. UTC | #1
On Thursday, 24 September 2015, 17:02:03, John Haxby wrote:

Hi John,

>Tests that contain non-FIPS ciphers and hashes cannot themselves be
>.fips-allowed because they will necessarily fail.
>
>Signed-off-by: John Haxby <john.haxby@oracle.com>

This is a good finding.

In fact, all authenc() ciphers are not FIPS approved ciphers.

The flag for that should be removed for all of those.

After checking in detail, the following FIPS flags should be removed as well:

- ecb(des)

- ansi_cprng (at least at the end of this year)


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
John Haxby Sept. 24, 2015, 5:23 p.m. UTC | #2
On 24/09/15 17:58, Stephan Mueller wrote:
> On Thursday, 24 September 2015, 17:02:03, John Haxby wrote:
> 
> Hi John,
> 
>> >Tests that contain non-FIPS ciphers and hashes cannot themselves be
>> >.fips-allowed because they will necessarily fail.
>> >
>> >Signed-off-by: John Haxby <john.haxby@oracle.com>
> This is a good finding.
> 
> In fact, all authenc() ciphers are not FIPS approved ciphers.
> 
> The flag for that should be removed for all of those.
> 
> After checking in detail, the following FIPS flags should be removed as well:
> 
> - ecb(des)
> 
> - ansi_cprng (at least at the end of this year)

Thanks Stephan.

Updated patch on its way.

jch
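
A table lint in the spirit of the review comments above, added here as an example; it is not code from the patch or from crypto/testmgr.c. The `struct desc` type, the function names, the `non_fips` list (limited to primitives named in this patch) and the sample table with its flag values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the two alg_test_desc fields the patch touches. */
struct desc { const char *alg; int fips_allowed; };
/* Assumption: primitives treated as non-approved, taken from names in this patch. */
static const char *const non_fips[] = { "md5", "des", "cipher_null" };

/* Return the first non-approved primitive named in a template string, or NULL. */
static const char *non_fips_component(const char *alg)
{
	const char *p = alg;
	size_t len, i;
	while (*p) {
		len = strcspn(p, "(),");	/* one token: template or primitive name */
		for (i = 0; i < sizeof(non_fips) / sizeof(non_fips[0]); i++)
			if (len == strlen(non_fips[i]) && !strncmp(p, non_fips[i], len))
				return non_fips[i];	/* whole-token match only */
		p += len;
		p += strspn(p, "(),");		/* skip delimiters between tokens */
	}
	return NULL;
}

/* Count entries still marked fips_allowed despite a non-approved component. */
static int count_inconsistent(const struct desc *t, size_t n, int verbose)
{
	int bad = 0;
	size_t i;
	for (i = 0; i < n; i++) {
		const char *why = t[i].fips_allowed ? non_fips_component(t[i].alg) : NULL;
		if (!why)
			continue;
		bad++;
		if (verbose)
			printf("%s: fips_allowed set, contains %s\n", t[i].alg, why);
	}
	return bad;
}

/* Constructed sample table; names follow the patch, flag values are made up. */
static const struct desc sample[] = {
	{ "authenc(hmac(md5),ecb(cipher_null))", 1 },	/* flagged: md5 */
	{ "authenc(hmac(sha256),cbc(des))", 1 },	/* flagged: des */
	{ "authenc(hmac(sha256),cbc(des3_ede))", 1 },	/* des3_ede is not the token des */
	{ "authenc(hmac(sha1),cbc(des))", 0 },		/* flag already cleared */
};

int main(void) { return count_inconsistent(sample, sizeof(sample) / sizeof(sample[0]), 1) != 0; }
```

The check only looks at component names, so it is narrower than the position taken in the thread that every authenc() template should lose the flag.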

Patch

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index fa18753..68799dc 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2080,7 +2080,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "authenc(hmac(md5),ecb(cipher_null))",
 		.test = alg_test_aead,
-		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
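Review bot: the commit message should name the component that disqualifies each entry; for "authenc(hmac(md5),ecb(cipher_null))" at the removed `.fips_allowed = 1` both md5 and cipher_null qualify, while the cbc(des) hunks further down depend on des alone. A short per-entry list in the changelog would let a reader verify the seven deletions without looking each primitive up.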
@@ -2110,7 +2109,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "authenc(hmac(sha1),cbc(des))",
 		.test = alg_test_aead,
-		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
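Review bot: dropping the flag from "authenc(hmac(sha1),cbc(des))" on account of des leaves the standalone des entries out of step, since the diffstat shows only the 7 authenc deletions and the reply on the list asks for ecb(des) to lose the flag as well. Either extend the patch to the plain des entries or state in the changelog that they are handled separately.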
@@ -2138,7 +2136,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "authenc(hmac(sha1),ecb(cipher_null))",
 		.test = alg_test_aead,
-		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
@@ -2158,7 +2155,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "authenc(hmac(sha224),cbc(des))",
 		.test = alg_test_aead,
-		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
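Review bot: the scope looks incomplete around this sha224 entry: this hunk starts at line 2158 and the next at 2200, so whatever entries sit in that gap keep their flags, and the same holds between the other hunks. If those are further authenc() templates, the list reply's position that no authenc() cipher is FIPS approved means their `.fips_allowed = 1` should go in the same patch, or the subject should be narrowed to the md5, des and cipher_null variants actually touched.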
@@ -2200,7 +2196,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "authenc(hmac(sha256),cbc(des))",
 		.test = alg_test_aead,
-		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
@@ -2228,7 +2223,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "authenc(hmac(sha384),cbc(des))",
 		.test = alg_test_aead,
-		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
@@ -2270,7 +2264,6 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "authenc(hmac(sha512),cbc(des))",
 		.test = alg_test_aead,
-		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
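Review bot: the claim that these tests "will necessarily fail" is not backed by any observed output, and with this last removal for "authenc(hmac(sha512),cbc(des))" all seven deletions rest on it. Quoting the self-test error seen for one of these entries with FIPS mode enabled would document the failure the patch addresses and give a way to confirm the change.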