  1. May 03, 2011
  2. Jan 28, 2011
    • crypto: testmgr - mark ghash as fips_allowed · 18c0ebd2
      Jarod Wilson authored
      
      A self-test failure in fips mode means a panic. Well, gcm(aes)
      self-tests currently fail in fips mode, as gcm is dependent on ghash,
      which semi-recently got self-test vectors added, but wasn't marked as a
      fips_allowed algorithm. Because of gcm's dependence on what is now seen
      as a non-fips_allowed algorithm, its self-tests refuse to run.
      Previously, ghash got a pass in fips mode, due to the lack of any test
      vectors at all, and thus gcm self-tests were able to run. After this
      patch, a 'modprobe tcrypt mode=35' no longer panics in fips mode, and
      successful self-test of gcm(aes) is reported.
      
      Signed-off-by: Jarod Wilson <jarod@redhat.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: testmgr - mark xts(aes) as fips_allowed · 2918aa8d
      Jarod Wilson authored
      
      We (Red Hat) are intending to include dm-crypt functionality, using
      xts(aes) for disk encryption, as part of an upcoming FIPS-140-2
      certification effort, and xts(aes) *is* on the list of possible
      mode/cipher combinations that can be certified. To make that possible, we
      need to mark xts(aes) as fips_allowed in the crypto subsystem.
      
      A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests
      passing successfully after this change.
      
      Signed-off-by: Jarod Wilson <jarod@redhat.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  3. Nov 13, 2010
  4. Aug 05, 2010
  5. Jun 03, 2010
  6. May 18, 2010
  7. Dec 23, 2009
  8. Nov 23, 2009
  9. Oct 27, 2009
  10. Sep 02, 2009
  11. Jul 02, 2009
  12. Jun 23, 2009
  13. Jun 01, 2009
  14. Mar 04, 2009
  15. Dec 24, 2008
  16. Aug 28, 2008
  17. Aug 13, 2008
    • crypto: tcrypt - Fix AEAD chunk testing · f176e632
      Herbert Xu authored
      
      My changeset 4b22f0dd
      
      	crypto: tcrpyt - Remove unnecessary kmap/kunmap calls
      
      introduced a typo that broke AEAD chunk testing.  In particular,
      axbuf should really be xbuf.
      
      There is also an issue with testing the last segment when encrypting.
      The additional part produced by AEAD wasn't tested.  Similarly, on
      decryption the additional part of the AEAD input is mistaken for
      corruption.
      
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  18. Jul 10, 2008