Am Donnerstag, 24. September 2015, 18:24:35 schrieb John Haxby:
Hi John,
>No authenc() ciphers are FIPS approved, nor is ecb(des).
>After the end of 2015, ansi_cprng will also be non-approved.
>
>Signed-off-by: John Haxby
Acked-by: Stephan Mueller
Ciao
Stephan
--
To unsubscribe from this lis
On Mon, Sep 21, 2015 at 02:29:18PM +0900, Sergey Senozhatsky wrote:
> On (09/18/15 14:19), Joonsoo Kim wrote:
> > -/* Never return NULL, may sleep */
> > +/* May return NULL, may sleep */
> > struct zcomp_strm *zcomp_decompress_begin(struct zcomp *comp)
> > {
> > + if (comp->tfm_noctx)
> > +
On Mon, Sep 21, 2015 at 04:56:00PM +0900, Sergey Senozhatsky wrote:
> On (09/18/15 14:19), Joonsoo Kim wrote:
> [..]
> > + /*
> > +* Prepare to use crypto decompress_noctx API. One tfm is required
> > +* to initialize crypto algorithm properly and fetch corresponding
> > +* function p
On Mon, Sep 21, 2015 at 12:51:28PM +0900, Minchan Kim wrote:
> On Fri, Sep 18, 2015 at 02:19:24PM +0900, Joonsoo Kim wrote:
> > Crypto subsystem now supports decompress_noctx API that requires
> > special tfm_noctx. This tfm can be shared by multiple concurrent
> > decompress user because this API
On Mon, Sep 21, 2015 at 12:45:12PM +0900, Minchan Kim wrote:
> Hi Joonsoo,
>
> On Fri, Sep 18, 2015 at 02:19:23PM +0900, Joonsoo Kim wrote:
> > Until now, zram uses compression algorithm through direct call
> > to core algorithm function, but, it has drawback that we need to add
> > compression al
On Mon, Sep 21, 2015 at 02:38:59PM +0900, Sergey Senozhatsky wrote:
> On (09/18/15 14:19), Joonsoo Kim wrote:
> [..]
> > @@ -61,7 +61,8 @@ static struct crypto_alg alg = {
> > .cra_module = THIS_MODULE,
> > .cra_u = { .compress = {
> > .coa_compress
On Mon, Sep 21, 2015 at 02:19:03PM +0900, Sergey Senozhatsky wrote:
> On (09/18/15 14:19), Joonsoo Kim wrote:
> [..]
> > -static struct zcomp_backend *find_backend(const char *compress)
> > +static const char *find_backend(const char *compress)
> > {
> > int i = 0;
> > while (backends[i])
On Mon, Sep 21, 2015 at 03:18:17PM +0900, Sergey Senozhatsky wrote:
> On (09/18/15 14:19), Joonsoo Kim wrote:
> [..]
> > static int __init lzo_mod_init(void)
> > diff --git a/include/linux/crypto.h b/include/linux/crypto.h
> > index e71cb70..31152b1 100644
> > --- a/include/linux/crypto.h
> > +++
On Tue, Sep 22, 2015 at 08:43:46PM +0800, Herbert Xu wrote:
> On Fri, Sep 18, 2015 at 02:19:16PM +0900, Joonsoo Kim wrote:
> > Until now, tfm object embeds (de)compression context in it and
> > (de)compression in crypto API requires tfm object to use
> > this context. But, there are some algorithms
On Mon, Sep 21, 2015 at 12:58:12PM +0900, Minchan Kim wrote:
> On Fri, Sep 18, 2015 at 02:19:15PM +0900, Joonsoo Kim wrote:
> > This patchset makes zram to use crypto API in order to support
> > more compression algorithm.
> >
> > The reason we need to support vairous compression algorithms is tha
Hello All,
"Make fips=1 work on 4.1", they said, wittily, "it'll be easy."
I suppose it wasn't that complicated, although I seem to be unearthing
other problems as I go along. The first problem was dracut (and I owe
an upstream patch for that) and the second problem was tcrypt.
The tcrypt modul
No authenc() ciphers are FIPS approved, nor is ecb(des).
After the end of 2015, ansi_cprng will also be non-approved.
Signed-off-by: John Haxby
---
crypto/testmgr.c | 16
1 file changed, 16 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index fa18753..523c9b9 100
On 24/09/15 17:58, Stephan Mueller wrote:
> Am Donnerstag, 24. September 2015, 17:02:03 schrieb John Haxby:
>
> Hi John,
>
>> >Tests that contain non-FIPS ciphers and hashes cannot themselves be
>> >.fips-allowed because they will necessarily fail.
>> >
>> >Signed-off-by: John Haxby
> This is a
Am Donnerstag, 24. September 2015, 17:02:03 schrieb John Haxby:
Hi John,
>Tests that contain non-FIPS ciphers and hashes cannot themselves be
>.fips-allowed because they will necessarily fail.
>
>Signed-off-by: John Haxby
This is a good finding.
In fact, all authenc() ciphers are not FIPS appr
Hello All,
"Make fips=1 work on 4.1", they said, wittily, "it'll be easy."
I suppose it wasn't that complicated, although I seem to be unearthing
other problems as I go along. The first problem was dracut (and I owe
an upstream patch for that) and the second problem was tcrypt.
The tcrypt modul
Tests that contain non-FIPS ciphers and hashes cannot themselves be
.fips-allowed because they will necessarily fail.
Signed-off-by: John Haxby
---
crypto/testmgr.c | 7 ---
1 file changed, 7 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index fa18753..68799dc 100644
--- a/c
Hi,
Shouldn't "walk" be memset ?
FILE:crypto/cbc.c
FUNCTION: crypto_cbc_encrypt
"walk" is local variable and its uninitialized in
"crypto_cbc_encrypt". The same is passed to
"blkcipher_walk_virt" which does below
walk->flags &= ~BLKCIPHER_WALK_PHYS;
So neither 'walk' nor 'walk->f
On Wed, Sep 23, 2015 at 5:54 AM, Herbert Xu wrote:
> On Tue, Sep 22, 2015 at 11:08:22AM -0400, Dan Streetman wrote:
>>
>> you think we should just strip out the 842-nx alignment/sizing code
>> and change it to fallback to the sw driver?
>
> Right, if the only intended user can provide aligned inpu
18 matches
Mail list logo
