On Wednesday 13 May 2009 19:45:50 Herbert Xu wrote:
> On Wed, May 13, 2009 at 12:53:16PM -0400, Jarod Wilson wrote:
> >
> > It would likely need a LOT of polish, and I'm not sure if its at all
> > close to what we have (Herbert has?) in mind At the moment, it
> > consists of:
>
> The interfac
On Wed, May 13, 2009 at 12:53:16PM -0400, Jarod Wilson wrote:
>
> It would likely need a LOT of polish, and I'm not sure if its at all
> close to what we have (Herbert has?) in mind At the moment, it
> consists of:
The interface I had in mind can be found in the recent discussions
in the linu
On Wednesday 13 May 2009 10:02:25 Neil Horman wrote:
> On Wed, May 13, 2009 at 11:27:52PM +1000, Herbert Xu wrote:
> > On Wed, May 13, 2009 at 09:12:46AM -0400, Jarod Wilson wrote:
> > >
> > > Hm... FIPS has the requirement that we test all algs before we use any
> > > algs, self-tests on demand b
On Wed, May 13, 2009 at 09:37:32AM -0400, Jarod Wilson wrote:
>
> The latter option is more or less what the patch at the start of this
> thread did, although via a param to tcrypt, not keying off the fips
> flag. If I were to modify the patch to drop the mod param usage, and
> instead key off the
On Wed, May 13, 2009 at 11:27:52PM +1000, Herbert Xu wrote:
> On Wed, May 13, 2009 at 09:12:46AM -0400, Jarod Wilson wrote:
> >
> > Hm... FIPS has the requirement that we test all algs before we use any
> > algs, self-tests on demand before first use for each alg is
> > insufficient. At first blus
On Wednesday 13 May 2009 09:27:52 Herbert Xu wrote:
> On Wed, May 13, 2009 at 09:12:46AM -0400, Jarod Wilson wrote:
> >
> > Hm... FIPS has the requirement that we test all algs before we use any
> > algs, self-tests on demand before first use for each alg is
> > insufficient. At first blush, I'm n
On Wed, May 13, 2009 at 09:12:46AM -0400, Jarod Wilson wrote:
>
> Hm... FIPS has the requirement that we test all algs before we use any
> algs, self-tests on demand before first use for each alg is
> insufficient. At first blush, I'm not seeing how we ensure this
> happens. How can we trigger a c
On Wednesday 13 May 2009 07:38:19 Herbert Xu wrote:
> On Wed, May 13, 2009 at 07:08:26AM -0400, Neil Horman wrote:
> >
> > Not really sure I agree with the logic here. I agree that its pretty clear
> > that
> > its major value is for quickly testing all the algorithms in a system, but
> > univers
On Wed, May 13, 2009 at 07:08:26AM -0400, Neil Horman wrote:
>
> Not really sure I agree with the logic here. I agree that its pretty clear
> that
> its major value is for quickly testing all the algorithms in a system, but
> universally failing the loading of the module simply to save a few
> m
On Wed, May 13, 2009 at 11:30:50AM +1000, Herbert Xu wrote:
> On Tue, May 12, 2009 at 08:37:27PM -0400, Neil Horman wrote:
> >
> > > Would there be any objections to dropping the noexit parameter
> > > entirely and just making its behavior the default? It would make
> > > all users regardless of fi
On Tue, May 12, 2009 at 08:37:27PM -0400, Neil Horman wrote:
>
> > Would there be any objections to dropping the noexit parameter
> > entirely and just making its behavior the default? It would make
> > all users regardless of fips mode notice failures more readily.
> >
> I think thats a fine idea
On Tue, May 12, 2009 at 04:02:45PM -0400, Jarod Wilson wrote:
> On Monday 11 May 2009 10:06:32 Jarod Wilson wrote:
> > At present, the tcrypt module always exits with an -EAGAIN upon
> > successfully completing all the tests its been asked to run. There
> > are cases where it would be much simpler
On Monday 11 May 2009 10:06:32 Jarod Wilson wrote:
> At present, the tcrypt module always exits with an -EAGAIN upon
> successfully completing all the tests its been asked to run. There
> are cases where it would be much simpler to verify all tests passed
> if tcrypt simply stayed loaded (i.e. retu
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. There
are cases where it would be much simpler to verify all tests passed
if tcrypt simply stayed loaded (i.e. returned 0). Specifically, in
fips mode, all self-tests need to
14 matches
Mail list logo
