[0/4] Trivial set of FIPS 140-3 related changes

Message ID	20221108142025.13461-1-nstange@suse.de (mailing list archive)
Headers	show Return-Path: <linux-crypto-owner@kernel.org> From: Nicolai Stange <nstange@suse.de> To: Herbert Xu <herbert@gondor.apana.org.au>, "David S. Miller" <davem@davemloft.net> Cc: Vladis Dronov <vdronov@redhat.com>, Stephan Mueller <smueller@chronox.de>, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Nicolai Stange <nstange@suse.de> Subject: [PATCH 0/4] Trivial set of FIPS 140-3 related changes Date: Tue, 8 Nov 2022 15:20:21 +0100 Message-Id: <20221108142025.13461-1-nstange@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Trivial set of FIPS 140-3 related changes \| expand [0/4] Trivial set of FIPS 140-3 related changes [1/4] crypto: xts - restrict key lengths to approved values in FIPS mode [2/4] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode [3/4] crypto: testmgr - disallow plain ghash in FIPS mode [4/4] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode [5/6] crypto: xts - drop xts_check_key() [6/6] crypto: xts - drop redundant xts key check

Message ID

20221108142025.13461-1-nstange@suse.de (mailing list archive)

Headers

From: Nicolai Stange <nstange@suse.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>
Cc: Vladis Dronov <vdronov@redhat.com>,
        Stephan Mueller <smueller@chronox.de>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        Nicolai Stange <nstange@suse.de>
Subject: [PATCH 0/4] Trivial set of FIPS 140-3 related changes
Date: Tue,  8 Nov 2022 15:20:21 +0100
Message-Id: <20221108142025.13461-1-nstange@suse.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Trivial set of FIPS 140-3 related changes | expand

Message

Nicolai Stange Nov. 8, 2022, 2:20 p.m. UTC

Hi all,

these four rather unrelated patches are basically a dump of some of the
more trivial changes required for working towards FIPS 140-3 conformance.

Please pick as you deem appropriate.

Thanks!

Nicolai

Nicolai Stange (4):
  crypto: xts - restrict key lengths to approved values in FIPS mode
  crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
  crypto: testmgr - disallow plain ghash in FIPS mode
  crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

 crypto/testmgr.c     | 4 ++--
 include/crypto/xts.h | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

Comments

Vladis Dronov Dec. 21, 2022, 3:24 p.m. UTC | #1

Hi Nicolai, Robert, Herbert, all,

I would like to revive this older upstream email thread. I would like
to address notes from reviewers (namely, Robert) by additional patches
so the whole patchset can be accepted. This should ease our future
kernel work re: FIPS.

The below 2 patches address (I hope) both notes Robert and Herbert have
provided (thanks!). I hope the whole patchset can be accepted then.

Logically my 2 patches should follow [PATCH 1/4] and be patches 2 and 3.
Herbert is it possible to reorder them when accepting?

Thank you! and

Best regards,
Vladis

Vladis Dronov (2):
  crypto: xts - drop xts_check_key()
  crypto: xts - drop redundant xts key check

Eric Biggers Dec. 21, 2022, 8:46 p.m. UTC | #2

On Wed, Dec 21, 2022 at 04:24:00PM +0100, Vladis Dronov wrote:
> Hi Nicolai, Robert, Herbert, all,
> 
> I would like to revive this older upstream email thread. I would like
> to address notes from reviewers (namely, Robert) by additional patches
> so the whole patchset can be accepted. This should ease our future
> kernel work re: FIPS.
> 
> The below 2 patches address (I hope) both notes Robert and Herbert have
> provided (thanks!). I hope the whole patchset can be accepted then.
> 
> Logically my 2 patches should follow [PATCH 1/4] and be patches 2 and 3.
> Herbert is it possible to reorder them when accepting?
> 
> Thank you! and
> 
> Best regards,
> Vladis

Please just resend the whole series, with the --base option to git format-patch
used, so that reviewers don't have to try to piece it together.

- Eric

Vladis Dronov Dec. 21, 2022, 10:49 p.m. UTC | #3

Hi,

On Wed, Dec 21, 2022 at 9:56 PM Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Wed, Dec 21, 2022 at 04:24:00PM +0100, Vladis Dronov wrote:
> > Hi Nicolai, Robert, Herbert, all,
> >
> > I would like to revive this older upstream email thread. I would like
> > to address notes from reviewers (namely, Robert) by additional patches
> > so the whole patchset can be accepted. This should ease our future
> > kernel work re: FIPS.
> >
> > The below 2 patches address (I hope) both notes Robert and Herbert have
> > provided (thanks!). I hope the whole patchset can be accepted then.
> >
> > Logically my 2 patches should follow [PATCH 1/4] and be patches 2 and 3.
> > Herbert is it possible to reorder them when accepting?
> >
> > Thank you! and
> >
> > Best regards,
> > Vladis
>
> Please just resend the whole series, with the --base option to git format-patch
> used, so that reviewers don't have to try to piece it together.

Thank you, Eric, the patchset was resend with a proper ordering:

https://lore.kernel.org/linux-crypto/20221221224111.19254-1-vdronov@redhat.com/T/#t
with a subject: [PATCH 0/6] Trivial set of FIPS 140-3 related changes

Best regards,
Vladis