On Wed, Apr 07, 2021 at 03:15:51PM -0600, Jason A. Donenfeld wrote:
> Hi Hangbin,
>
> On Wed, Apr 7, 2021 at 5:39 AM Hangbin Liu wrote:
> >
> > As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
> > FIPS certified, the WireGuard module should be disabled in FIPS mode.
>
>
Remove including that don't need it.
Signed-off-by: Tian Tao
Signed-off-by: Zhiqi Song
---
drivers/crypto/cavium/zip/common.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/crypto/cavium/zip/common.h
b/drivers/crypto/cavium/zip/common.h
index 58fb3ed..54f6fb0 100644
--- a/drivers/
On Wed, Apr 07, 2021 at 02:12:27PM -0700, Eric Biggers wrote:
> On Wed, Apr 07, 2021 at 07:39:20PM +0800, Hangbin Liu wrote:
> > As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
> > FIPS certified, the WireGuard module should be disabled in FIPS mode.
> >
> > Signed-off-b
Hi Hongbo,
On 4/7/21 10:27 AM, hongbo li wrote:
> Hello Varad,
>
> I also made an implementation of rsa pss: "[PATCH v3 0/4] crypto: add
> rsa pss support for x509".
> I notice your patches and did some review, find the following
> differences between our patches:
> 1. You rework the rsa pad fra
Hi Hangbin,
On Wed, Apr 7, 2021 at 5:39 AM Hangbin Liu wrote:
>
> As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
> FIPS certified, the WireGuard module should be disabled in FIPS mode.
I'm not sure this makes so much sense to do _in wireguard_. If you
feel like the FI
On Wed, Apr 07, 2021 at 07:39:20PM +0800, Hangbin Liu wrote:
> As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
> FIPS certified, the WireGuard module should be disabled in FIPS mode.
>
> Signed-off-by: Hangbin Liu
I think you mean "FIPS allowed", not "FIPS certified"?
On Wed, Apr 07, 2021 at 06:04:21AM -0400, Chris von Recklinghausen wrote:
> Suspend fails on a system in fips mode because md5 is used for the e820
> integrity check and is not available. Use crc32 instead.
>
> Prior to this patch, MD5 is used only to create a digest to ensure integrity
> of
> th
On 4/6/21 5:49 PM, Sean Christopherson wrote:
> This series teaches __sev_do_cmd_locked() to gracefully handle vmalloc'd
> command buffers by copying _all_ incoming data pointers to an internal
> buffer before sending the command to the PSP. The SEV driver and KVM are
> then converted to use the s
On Wed, Apr 07, 2021 at 05:05:07PM +, Sean Christopherson wrote:
> I used memset() to defer initialization until after the various sanity
> checks,
I'd actually vote for that too - I don't like doing stuff which is not
going to be used. I.e., don't change what you have.
--
Regards/Gruss,
Hi David and Jarkko,
What is the status of this patchset? Could someone take it to -next?
Regards,
Mickaël
On 12/03/2021 18:12, Mickaël Salaün wrote:
> This new patch series is a rebase on David Howells's and Eric Snowberg's
> keys-cve-2020-26541-v3.
>
> I successfully tested this patch serie
On 4/6/21 5:49 PM, Sean Christopherson wrote:
> This series teaches __sev_do_cmd_locked() to gracefully handle vmalloc'd
> command buffers by copying _all_ incoming data pointers to an internal
> buffer before sending the command to the PSP. The SEV driver and KVM are
> then converted to use the
Le 07/04/2021 à 19:05, Sean Christopherson a écrit :
On Wed, Apr 07, 2021, Borislav Petkov wrote:
First of all, I'd strongly suggest you trim your emails when you reply -
that would be much appreciated.
On Wed, Apr 07, 2021 at 07:24:54AM +0200, Christophe Leroy wrote:
@@ -258,7 +240,7 @@ st
There is a error message within devm_ioremap_resource
already, so remove the dev_err call to avoid redundant
error message.
Signed-off-by: YueHaibing
---
drivers/crypto/atmel-tdes.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/crypto/atmel-tdes.c b/drivers/crypto/atmel-tdes.c
index
There is a error message within devm_ioremap_resource
already, so remove the dev_err call to avoid redundant
error message.
Signed-off-by: YueHaibing
---
drivers/crypto/ux500/cryp/cryp_core.c | 1 -
drivers/crypto/ux500/hash/hash_core.c | 1 -
2 files changed, 2 deletions(-)
diff --git a/driver
This patchset remove some redundant dev_err calls
YueHaibing (5):
crypto: atmel-tdes - Remove redundant dev_err call in
atmel_tdes_probe()
crypto: img-hash - Remove redundant dev_err call in img_hash_probe()
crypto: ux500 - Remove redundant dev_err calls
crypto: keembay - Remove redund
There is a error message within devm_ioremap_resource
already, so remove the dev_err call to avoid redundant
error message.
Signed-off-by: YueHaibing
---
drivers/crypto/ccree/cc_driver.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/crypto/ccree/cc_driver.c b/dri
devm_platform_ioremap_resource() and devm_ioremap_resource()
will print err msg while failing, so the redundant dev_err call
can be removed.
Signed-off-by: YueHaibing
---
drivers/crypto/img-hash.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/crypto/img-hash.c b/drivers/crypto/im
There is a error message within devm_ioremap_resource
already, so remove the dev_err call to avoid redundant
error message.
Signed-off-by: YueHaibing
---
drivers/crypto/keembay/keembay-ocs-aes-core.c | 4 +---
drivers/crypto/keembay/keembay-ocs-hcu-core.c | 4 +---
2 files changed, 2 insertions(
This patch adds support for ima verification for rsa with
pss encoding.
And a rsa-pss patch for ima-evm-utils has been sent.
Signed-off-by: Hongbo Li
---
security/integrity/digsig_asymmetric.c | 18 --
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/security/integ
This patch adds the test vector for rsa with pss encoding.
Signed-off-by: Hongbo Li
---
crypto/testmgr.c | 7 +
crypto/testmgr.h | 90
2 files changed, 97 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 10c5b3b..
This patch add the support of rsa-pss encoding which is described in
RFC8017 section 8.1 and section 9.1.
Similar to rsa-pkcs1, we create a pss template. Parse pss related params
mgfhash and saltlen in set_pub_key.
Implement a mgf function according to RFC8017 section B.2.
Implement the verificat
This patch make x509 support rsa with pss encoding. The sha algo is
in the RSASSA-PSS-params, so we need to parse the sha parameter, and
could skip other params.
Also add two oids used by rsa-pss.
Signed-off-by: Hongbo Li
---
crypto/asymmetric_keys/Makefile| 7 ++-
crypto/asymm
From: Hongbo Li
This series of patches add support for x509 cert signed by RSA
with PSS encoding method which is described in RFC8017 [1].
According to RFC8017, there're two encoding methods for signing and
verification. One is PKCS1-v1_5 which is already supported by linux,
the other one is PSS
As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
FIPS certified, the WireGuard module should be disabled in FIPS mode.
Signed-off-by: Hangbin Liu
---
drivers/net/wireguard/main.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireguard/main.c b/driv
First of all, I'd strongly suggest you trim your emails when you reply -
that would be much appreciated.
On Wed, Apr 07, 2021 at 07:24:54AM +0200, Christophe Leroy wrote:
> > @@ -258,7 +240,7 @@ static int sev_issue_cmd(struct kvm *kvm, int id, void
> > *data, int *error)
> > static int sev_lau
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Prior to this patch, MD5 is used only to create a digest to ensure integrity of
the region, no actual encryption is done. This patch set changes the integrity
check to u
Kunpeng930 supports trng and prng, but Kunpeng920 only supports trng.
Therefore, version information is added to ensure that prng is not
registered to Crypto subsystem on Kunpeng920.
Signed-off-by: Weili Qian
---
drivers/crypto/hisilicon/trng/trng.c | 13 ++---
1 file changed, 10 insert
在 2021/4/7 16:38, Jarkko Sakkinen 写道:
> On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote:
>> From: Hongbo Li
>>
>> This series of patches adds support for x509 cert signed by RSA
>> with PSS encoding method. RSA PSS is described in rfc8017.
> Please also briefly describe it here AND also
submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url:
https://github.com/0day-ci/linux/commits/Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210407-115152
base:
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptod
On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote:
> From: Hongbo Li
>
> This series of patches adds support for x509 cert signed by RSA
> with PSS encoding method. RSA PSS is described in rfc8017.
Please also briefly describe it here AND also provide link to the
RFC. In the way this cur
Hello Varad,
I also made an implementation of rsa pss: "[PATCH v3 0/4] crypto: add
rsa pss support for x509".
I notice your patches and did some review, find the following
differences between our patches:
1. You rework the rsa pad framework. This is reasonable.
2. You did some changes on the keyc
31 matches
Mail list logo
