Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

2009-09-17 Thread Herbert Xu
On Thu, Sep 17, 2009 at 04:18:24PM -0400, Jarod Wilson wrote: > > Yeah, I like that solution as well, does feel less dirty. So > essentially, in fips mode, we'd wind up using fips(ansi_cprng) or > similar, while the self-tests are done against raw ansi_cprng, correct? Exactly. Cheers, -- Vis

Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

2009-09-17 Thread Jarod Wilson
On 09/17/2009 04:16 PM, Herbert Xu wrote: On Thu, Sep 17, 2009 at 01:08:24PM -0400, Neil Horman wrote: Just so that I'm clear on what your suggesting, you're approach would be to register two algs in ansi_cprng, a 'raw' cprng, and a 'fips compliant cprng' underneath that used the raw cprng as a

Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

2009-09-17 Thread Herbert Xu
On Thu, Sep 17, 2009 at 01:08:24PM -0400, Neil Horman wrote: > > Just so that I'm clear on what your suggesting, you're approach would be to > register two algs in ansi_cprng, a 'raw' cprng, and a 'fips compliant cprng' > underneath that used the raw cprng as a base, but implemented the continuity

Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

2009-09-17 Thread Neil Horman
On Thu, Sep 17, 2009 at 08:39:51AM -0700, Herbert Xu wrote: > On Thu, Sep 17, 2009 at 08:43:51AM -0400, Neil Horman wrote: > > > > As Jarod mentioned, currently only the NIST certification vectors and, as a > > result our testmgr vectors require disabling of the internal continuity > > test, > > b

Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

2009-09-17 Thread Herbert Xu
On Thu, Sep 17, 2009 at 08:43:51AM -0400, Neil Horman wrote: > > As Jarod mentioned, currently only the NIST certification vectors and, as a > result our testmgr vectors require disabling of the internal continuity test, > but to generalize from that, I would imagine that any set of certification >

Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

2009-09-17 Thread Neil Horman
On Wed, Sep 16, 2009 at 10:37:29PM -0500, Herbert Xu wrote: > On Wed, Sep 16, 2009 at 12:04:56PM -0400, Neil Horman wrote: > > > > So the question is, how do I make this RNG fips compliant without > > breaking some subset of users out there that rely on the predictability of > > the > > CPRNG?

Re: [PATCH 0/3] enhance RNG api with flags to allow for different operational modes

2009-09-17 Thread Jarod Wilson
On 09/16/2009 11:37 PM, Herbert Xu wrote: On Wed, Sep 16, 2009 at 12:04:56PM -0400, Neil Horman wrote: So the question is, how do I make this RNG fips compliant without breaking some subset of users out there that rely on the predictability of the CPRNG? The solution I've come up with