On Wed, Jan 26, 2011 at 12:00:54PM -0500, Jarod Wilson wrote:
> A self-test failure in fips mode means a panic. Well, gcm(aes)
> self-tests currently fail in fips mode, as gcm is dependent on ghash,
> which semi-recently got self-test vectors added, but wasn't marked as a
> fips_allowed algorithm. Because of gcm's dependence on what is now seen
> as a non-fips_allowed algorithm, its self-tests refuse to run.
> Previously, ghash got a pass in fips mode, due to the lack of any test
> vectors at all, and thus gcm self-tests were able to run. After this
> patch, a 'modprobe tcrypt mode=35' no longer panics in fips mode, and
> successful self-test of gcm(aes) is reported.
>
> Signed-off-by: Jarod Wilson <jarod@xxxxxxxxxx>
Both patches applied. Thanks Jarod.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
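The gating described in the commit message above, as a simplified user-space model added here; it is not kernel code and not part of the patch. The table layout, function names and return codes are assumptions made for illustration, and test vectors are assumed to verify once a test is allowed to run.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code: one entry per algorithm. */
struct alg_desc {
    const char *name;
    int has_vectors;     /* self-test vectors exist for this algorithm */
    int fips_allowed;    /* marked as allowed in fips mode */
    const char *depends; /* algorithm this one is built on, or NULL */
};

enum { SELFTEST_OK = 0, SELFTEST_REFUSED = -1 };

/* Only the gating is modelled; vectors are assumed to verify. */
static int selftest(const struct alg_desc *tbl, size_t n, const char *name,
                    int fips)
{
    const struct alg_desc *d = NULL;

    for (size_t i = 0; i < n; i++)
        if (strcmp(tbl[i].name, name) == 0)
            d = &tbl[i];
    if (!d || !d->has_vectors)
        return SELFTEST_OK;      /* no vectors at all: gets a pass */
    if (fips && !d->fips_allowed)
        return SELFTEST_REFUSED; /* has vectors, but not fips_allowed */
    if (d->depends && selftest(tbl, n, d->depends, fips) != SELFTEST_OK)
        return SELFTEST_REFUSED; /* dependency unusable: test cannot run */
    return SELFTEST_OK;
}

/* gcm(aes) result for a given ghash state; gcm(aes) depends on ghash. */
static int gcm_result(int ghash_vectors, int ghash_fips_allowed, int fips)
{
    const struct alg_desc tbl[] = {
        { "ghash",    ghash_vectors, ghash_fips_allowed, NULL },
        { "gcm(aes)", 1,             1,                  "ghash" },
    };
    return selftest(tbl, sizeof(tbl) / sizeof(tbl[0]), "gcm(aes)", fips);
}

int main(void)
{
    /* fips mode: no ghash vectors, vectors without the flag, after the patch */
    printf("%d %d %d\n", gcm_result(0, 0, 1), gcm_result(1, 0, 1),
           gcm_result(1, 1, 1));
    return 0;
}
```

The middle case is the one that panics in fips mode: adding vectors to ghash without marking it fips_allowed turns a silent pass into a refusal that propagates to gcm(aes).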