Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
On Thu, May 22, 2008 at 08:03:00AM +0800, Herbert Xu wrote:
> On Wed, May 21, 2008 at 04:09:38PM -0400, Neil Horman wrote:
> > Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
> > compliance mandates that any supported mode of operation must include a
> > self test. This satisfies that requirement for cbc(des_ebe).
> >
> > Tested successfully by me
>
> Sorry but this makes no sense. The test vectors you're feeding into it
> are only one block long. For a single block (and no IV) there is no
> difference between ECB and CBC.
>
> So please add some real CBC test vectors for this.

You're right, it doesn't make any sense. I'm sorry, I'm not sure what I'm
thinking. I'll repost when I generate some test vectors. Patch rescinded.
Sorry for the noise.

Regards
Neil

> Thanks,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu [EMAIL PROTECTED]
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

--
/***
 *Neil Horman [EMAIL PROTECTED]
 *gpg keyid: 1024D / 0x92A74FA1
 *http://pgp.mit.edu
 ***/
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
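The review point in the message above, as an added example that is not part of the original thread or of tcrypt: a self-test vector only exercises CBC chaining if it spans more than one block or uses a non-zero IV. The toy Feistel cipher (a stand-in for the real block cipher), the round keys, IVs, plaintext and all function names are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BW 2 /* block = 2 x 32-bit words = 64 bits, the DES/3DES block size */

/* Constructed sample data: round keys, IVs and two identical plaintext blocks. */
static const uint32_t RK[4] = { 1, 2, 3, 4 };
static const uint32_t ZERO_IV[BW] = { 0, 0 }, SAMPLE_IV[BW] = { 7, 9 };
static const uint32_t PT[2 * BW] = { 1, 2, 1, 2 };

/* Toy 4-round Feistel standing in for the block cipher: NOT 3DES, not secure. */
static void toy_encrypt(const uint32_t in[BW], uint32_t out[BW])
{
    uint32_t l = in[0], r = in[1];
    for (int i = 0; i < 4; i++) {
        uint32_t x = r + RK[i], t = r;
        r = l ^ ((x << 5) | (x >> 27));
        l = t;
    }
    out[0] = l; out[1] = r;
}

/* CBC: C[i] = E(P[i] ^ C[i-1]) with C[-1] = IV. chain == 0 gives plain ECB. */
static void encrypt(int chain, const uint32_t iv[BW], const uint32_t *pt,
                    uint32_t *ct, size_t nblocks)
{
    uint32_t prev[BW] = { iv[0], iv[1] }, x[BW];
    for (size_t b = 0; b < nblocks; b++, pt += BW, ct += BW) {
        x[0] = pt[0] ^ (chain ? prev[0] : 0);
        x[1] = pt[1] ^ (chain ? prev[1] : 0);
        toy_encrypt(x, ct);
        memcpy(prev, ct, sizeof(prev));
    }
}

/* 1 if a self test on the first nblocks (1 or 2) of PT would notice CBC
 * degrading to ECB, 0 if both modes give the same ciphertext. */
static int vector_distinguishes_cbc(const uint32_t iv[BW], size_t nblocks)
{
    uint32_t ecb[2 * BW], cbc[2 * BW];
    encrypt(0, iv, PT, ecb, nblocks);
    encrypt(1, iv, PT, cbc, nblocks);
    return memcmp(ecb, cbc, nblocks * sizeof(uint32_t[BW])) != 0;
}

int main(void)
{
    printf("1 block/zero IV: %d, 2 blocks/zero IV: %d, 1 block/IV set: %d\n",
           vector_distinguishes_cbc(ZERO_IV, 1), vector_distinguishes_cbc(ZERO_IV, 2),
           vector_distinguishes_cbc(SAMPLE_IV, 1));
    return 0;
}
```

A mode implementation that silently skipped the XOR with the previous ciphertext block would still pass the one-block, zero-IV vector, which is why that vector says nothing about CBC.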
Re: [dm-devel] Desynchronizing dm-raid1
> > All the ciphers comply, so the bug is only a theoretical issue (but I
> > didn't check assembler versions --- they should be checked by the person
> > who wrote them, assembler is write-only language).
>
> Since every current algorithm sets the flag could you invert its sense?
> Sorry to have to do this to you :)
>
> Thanks,

There may be external modules. If you don't set the flag when it should be
set, nothing happens (just a slight performance drop), if you set the flag
when it shouldn't be set, you get data corruption. So the safest way is this
meaning of flag, so that not-yet-reviewed algorithms set the flag to 0 and
prevent data corruption.

Mikulas
Re: [dm-devel] Desynchronizing dm-raid1
On Thu, May 22, 2008 at 08:32:45AM -0400, Mikulas Patocka wrote:
> There may be external modules.

Sorry but we don't support external modules. They should be merged upstream
rather than distributed in the wild.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt