Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode

2008-05-22 Thread Neil Horman
On Thu, May 22, 2008 at 08:03:00AM +0800, Herbert Xu wrote:
> On Wed, May 21, 2008 at 04:09:38PM -0400, Neil Horman wrote:
> > Patch to add checking of DES3 test vectors using CBC mode.  FIPS-140-2
> > compliance mandates that any supported mode of operation must include a self
> > test.  This satisfies that requirement for cbc(des_ebe).  Tested
> > successfully by me
>
> Sorry but this makes no sense.  The test vectors you're feeding
> into it are only one block long.  For a single block (and no IV)
> there is no difference between ECB and CBC.  So please add some
> real CBC test vectors for this.

You're right, it doesn't make any sense.  I'm sorry, I'm not sure what I'm
thinking.  I'll repost when I generate some test vectors.  Patch rescinded.
Sorry for the noise.

Regards
Neil

> Thanks,
> -- 
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

-- 
/***
 *Neil Horman
 [EMAIL PROTECTED]
 *gpg keyid: 1024D / 0x92A74FA1
 *http://pgp.mit.edu
 ***/
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
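
Added example, not part of the original thread and not the kernel's tcrypt code: it checks the review point above, that a one-block vector with a zero IV cannot distinguish CBC from ECB, while a multi-block vector or a non-zero IV can. XTEA stands in for des3_ede (both use 64-bit blocks); the key, plaintext, IV and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* XTEA (32 cycles) as a stand-in 64-bit block cipher; this is NOT des3_ede. */
static void blk_enc(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Encrypt n blocks. chain=0 is ECB; chain=1 is CBC starting from iv. */
static void enc(uint32_t *out, const uint32_t *in, size_t n,
                const uint32_t k[4], const uint32_t iv[2], int chain)
{
    uint32_t prev[2] = { iv[0], iv[1] };
    for (size_t i = 0; i < n; i++) {
        out[2*i]     = in[2*i]     ^ (chain ? prev[0] : 0);
        out[2*i + 1] = in[2*i + 1] ^ (chain ? prev[1] : 0);
        blk_enc(&out[2*i], k);
        prev[0] = out[2*i]; prev[1] = out[2*i + 1];
    }
}

/* 1 if ECB and CBC agree on n copies of one block (vector is blind), else 0. */
int vector_is_blind(size_t n, const uint32_t iv[2])
{
    static const uint32_t key[4] = { 0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210 }; /* constructed */
    uint32_t pt[8], ecb[8], cbc[8];
    if (n == 0 || n > 4) return -1;
    for (size_t i = 0; i < n; i++) { pt[2*i] = 0x73657465; pt[2*i + 1] = 0x74207374; } /* constructed */
    enc(ecb, pt, n, key, iv, 0);
    enc(cbc, pt, n, key, iv, 1);
    return memcmp(ecb, cbc, n * 8) == 0;
}

int main(void)
{
    const uint32_t zero_iv[2] = { 0, 0 }, iv[2] = { 0xdeadbeef, 0x0badf00d };
    printf("1 block,  zero IV:     blind=%d\n", vector_is_blind(1, zero_iv));
    printf("2 blocks, zero IV:     blind=%d\n", vector_is_blind(2, zero_iv));
    printf("1 block,  non-zero IV: blind=%d\n", vector_is_blind(1, iv));
    return 0;
}
```

A self-test built only from the first kind of vector would pass even if the chaining step were missing entirely, which is why multi-block vectors with a real IV are needed.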


Re: [dm-devel] Desynchronizing dm-raid1

2008-05-22 Thread Mikulas Patocka

All the ciphers comply, so the bug is only a theoretical issue (but I
didn't check assembler versions --- they should be checked by the person
who wrote them, assembler is a write-only language).


Since every current algorithm sets the flag could you invert
its sense? Sorry to have to do this to you :)

Thanks,


There may be external modules.

If you don't set the flag when it should be set, nothing happens (just a
slight performance drop); if you set the flag when it shouldn't be set,
you get data corruption. So the safest way is this meaning of the flag, so
that not-yet-reviewed algorithms set the flag to 0 and prevent data
corruption.


Mikulas


Re: [dm-devel] Desynchronizing dm-raid1

2008-05-22 Thread Herbert Xu
On Thu, May 22, 2008 at 08:32:45AM -0400, Mikulas Patocka wrote:

> There may be external modules.

Sorry but we don't support external modules.  They should be merged
upstream rather than distributed in the wild.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt