Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
compliance mandates that any supported mode of operation must include a self
test. This satisfies that requirement for cbc(des_ebe). Tested successfully by
me
Regards
Neil
Signed-off-by: Neil Horman [EMAIL PROTECTED
On Thu, May 22, 2008 at 08:03:00AM +0800, Herbert Xu wrote:
On Wed, May 21, 2008 at 04:09:38PM -0400, Neil Horman wrote:
Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
compliance mandates that any supported mode of operation must include a self
test. This satisfies
over, truncating it to 128 bytes, and encrypting it with
openssl using the aforementioned key. Tested successfully by myself
Regards
Neil
Signed-off-by: Neil Horman [EMAIL PROTECTED]
tcrypt.c |8 +
tcrypt.h | 93 ---
2 files
On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken Rüegsegger wrote:
I was wondering why you created your own test vectors. Wouldn't
standardized test vectors by NIST or ANSI be preferable?
If you could post a patch with
On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
Could you document the source of these vectors in the patch
description please?
Sure, reposting
Patch to add checking of DES3
On Sun, Jun 01, 2008 at 03:44:23AM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken Rüegsegger wrote:
I was wondering why you created your own test vectors. Wouldn't
On Sun, Jun 01, 2008 at 06:09:46PM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
Could you document the source of these vectors
On Mon, Jun 02, 2008 at 12:43:46AM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sun, Jun 01, 2008 at 06:09:46PM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
[snip
for the trouble!
Regards
Neil
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
/
* Neil
On Mon, Jun 02, 2008 at 10:48:48PM +1000, Herbert Xu wrote:
On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote:
Copy that. I think I found the problem, anyway. The verdict is that
Adrian was
right, and I'm klutz. I mixed up the output vector from a successful and a
failed
On Mon, Jun 02, 2008 at 10:19:50PM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Mon, Jun 02, 2008 at 10:48:48PM +1000, Herbert Xu wrote:
On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote:
Copy that. I think I found the problem, anyway. The verdict is that
Adrian
: creation of files prng.c and prng.h
2/2: Addition of Kconfig Makefile rules to build code
Regards
Neil
Signed-off-by: Neil Horman [EMAIL PROTECTED]
--
/***
*Neil Horman
[EMAIL PROTECTED]
*gpg keyid: 1024D / 0x92A74FA1
*http://pgp.mit.edu
Patch 1/2: Add prng files to source tree
Signed-off-by: Neil Horman [EMAIL PROTECTED]
prng.c | 409 +
prng.h | 27
2 files changed, 436 insertions(+)
diff --git a/crypto/prng.c b/crypto/prng.c
new file mode 100644
index
Patch 2/2: Add Kconfig Makefile support to build prng module
Signed-off-by: Neil Horman [EMAIL PROTECTED]
Kconfig |9 +
Makefile |2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 795e31c..615ce9b 100644
--- a/crypto
On Fri, Jul 04, 2008 at 10:44:15AM +0200, Sebastian Siewior wrote:
* Neil Horman | 2008-07-03 22:10:28 [-0400]:
On Fri, Jul 04, 2008 at 01:36:33AM +0200, Andi Kleen wrote:
Sebastian Siewior [EMAIL PROTECTED] writes:
Anything wrong with get_random_bytes()?
What's the advantage over
Fixing a silly bug that I missed in the initial submission
Fix the repetition test in prng to update on each iteration. Currently we check
against the last iteration to make sure the given prng context isn't stuck, but
we never update the last data buffer.
Best
Neil
Signed-off-by: Neil Horman
On Wed, Jul 16, 2008 at 08:45:33PM +0800, Herbert Xu wrote:
On Thu, Jul 03, 2008 at 04:21:02PM -0400, Neil Horman wrote:
+ * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf
+ * for implementation details
BTW, any reason why counter mode is used? This document
On Wed, Jul 16, 2008 at 09:44:56PM +0800, Herbert Xu wrote:
On Thu, Jul 03, 2008 at 04:21:02PM -0400, Neil Horman wrote:
+ /*
+* Now update our DT value
+*/
+ for (i=DEFAULT_BLK_SZ-1;i0;i--) {
+ ctx-DT[i] = ctx-DT[i-1];
+ }
+ ctx-DT[0] += 1;
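Review bot: the DT update at the end of this hunk moves every byte of ctx->DT up one position before adding 1 to DT[0], so the last byte of the block is discarded on each call and DT behaves as a shift register rather than as a counter. If DT is meant to be a monotonically increasing counter, drop the shifting loop and increment the block in place with carry across all DEFAULT_BLK_SZ bytes, and say in the comment which of the two behaviours is intended.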
Is there any
Fixing a few misc bugs in prng.c:
- Remove prng_key/prng_iv from prng_context (both kept in tfm ptr)
- Making _get_more_prng_bytes return meaningful err codes (not just -1/0)
Signed-off-by: Neil Horman [EMAIL PROTECTED]
crypto/prng.c | 26 +-
firmware
On Thu, Jul 17, 2008 at 03:48:56PM +0800, Herbert Xu wrote:
On Wed, Jul 16, 2008 at 04:32:00PM -0400, Neil Horman wrote:
Bring prng into better alignment with specification:
- Convert to using Generic AES 128 bit cipher
- Convert DT to be a non-shifted counter, increasing counter
Hey-
Patch to expand the linux crypto api to allow for the registration and
allocation of various random number generators. Tested successfully by me.
Regards
Neil
Signed-off-by: Neil Horman [EMAIL PROTECTED]
crypto/Makefile |2 -
crypto/prng.c | 94
Patch to obscure state information on free in prng code. Keeps prying eyes from
sifting through your trash :)
Regards
Neil
Signed-off-by: Neil Horman [EMAIL PROTECTED]
prng.c |1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/prng.c b/crypto/prng.c
index b203093..fc6fa28 100644
On Thu, Aug 14, 2008 at 09:51:38PM +1000, Herbert Xu wrote:
On Mon, Aug 11, 2008 at 04:26:07PM -0400, Neil Horman wrote:
Patch to obscure state information on free in prng code. Keeps prying eyes
from
sifting through your trash :)
Thanks Neil. I've merged this with the original patch
Herbert!
Acked-by: Neil Horman [EMAIL PROTECTED]
Cheers,
--
commit
) += proc.o
crypto_algapi-objs := algapi.o scatterwalk.o $(crypto_algapi-y)
--
/
* Neil Horman [EMAIL PROTECTED]
* Software Engineer, Red Hat
/
--
To unsubscribe from this list: send
be to panic the system if we were
in fips mode and failed a self test. This patch implements that functionality.
I've built and run it successfully with and
Regards
Neil
Signed-off-by: Neil Horman [EMAIL PROTECTED]
testmgr.c |7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff
. This patch extends that tuple
to now be {V key DT}, with DT an optional value during reset. This patch also
fixes a bug we noticed in which the offset of the key area of the seed is
started at DEFAULT_PRNG_KSZ rather than DEFAULT_BLK_SZ as it should be.
Regards
Neil
Signed-off-by: Neil Horman
Horman [EMAIL PROTECTED]
Neil
to.
Signed-off-by: Jarod Wilson ja...@redhat.com
This looks good to me. Thanks Jarod!
Acked-by: Neil Horman nhor...@tuxdriver.com
, we should do it
in the case of a failure for the continuous test in the CPRNG as well. This
patch implements that change
Signed-off-by: Neil Horman nhor...@tuxdriver.com
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 0fac8ff..7eef5be 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto
, and be more secure.
Signed-off-by: Neil Horman nhor...@redhat.com
ansi_cprng.c | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 7eef5be..d9c3971 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -348,7
On Wed, Feb 25, 2009 at 02:48:19PM +0100, Frank Seidel wrote:
From: Frank Seidel fr...@f-seidel.de
Applying kernel janitors todos (printk calls need KERN_*
constants on linebeginnings, reduce stack footprint where
possible) to tcrypts test_hash_speed (where stacks
memory footprint was very
high (on i386 1184 bytes to
160 now).
Signed-off-by: Frank Seidel fr...@f-seidel.de
Looks good, thanks Frank
Acked-by: Neil Horman nhor...@tuxdriver.com
On Thu, Apr 09, 2009 at 03:16:53PM -0400, Jarod Wilson wrote:
On Thursday 09 April 2009 14:52:04 Neil Horman wrote:
On Thu, Apr 09, 2009 at 02:34:59PM -0400, Jarod Wilson wrote:
Patch is against current cryptodev-2.6 tree, successfully tested via
'modprobe tcrypt type=45'. The number
On Tue, Apr 28, 2009 at 09:18:22PM -0400, Jarod Wilson wrote:
Per the NIST AESAVS document, Appendix A[1], it isn't possible to
have automated self-tests for counter-mode AES, but people are
misled to believe something is wrong by the message that says there
is no test for ctr(aes). Simply
))
+ printk(KERN_INFO alg: self-tests for %s (%s) passed\n,
+driver, alg);
return rc;
}
EXPORT_SYMBOL_GPL(alg_test);
--
Jarod Wilson
ja...@redhat.com
Acked-by: Neil Horman nhor...@tuxdriver.com
additional CPRNG
support...
Successfully tested against the cryptodev-2.6 tree and a
Red Hat Enterprise Linux 5.x kernel with the follow-on
patch that adds the actual test vectors.
Signed-off-by: Jarod Wilson ja...@redhat.com
Thanks Jarod!
Acked-by: Neil Horman nhor...@tuxdriver.com
-by: Jarod Wilson ja...@redhat.com
Acked-by: Neil Horman nhor...@tuxdriver.com
On Thu, Apr 30, 2009 at 05:13:25PM -0400, Jarod Wilson wrote:
On Wednesday 29 April 2009 08:46:47 Jarod Wilson wrote:
On Wednesday 29 April 2009 06:50:35 Neil Horman wrote:
On Tue, Apr 28, 2009 at 09:18:22PM -0400, Jarod Wilson wrote:
Per the NIST AESAVS document, Appendix A[1], it isn't
/index.html
Important note: allowed/approved here does NOT mean validated, just
that it's an alg that *could* be validated.
Resending with properly updated patch v2 tag.
Signed-off-by: Jarod Wilson ja...@redhat.com
Acked-by: Neil Horman nhor...@tuxdriver.com
mode.
Resending with properly updated patch v2 tag.
Signed-off-by: Jarod Wilson ja...@redhat.com
Acked-by: Neil Horman nhor...@tuxdriver.com
On Wed, May 13, 2009 at 11:30:50AM +1000, Herbert Xu wrote:
On Tue, May 12, 2009 at 08:37:27PM -0400, Neil Horman wrote:
Would there be any objections to dropping the noexit parameter
entirely and just making its behavior the default? It would make
all users regardless of fips mode
On Wed, May 13, 2009 at 11:27:52PM +1000, Herbert Xu wrote:
On Wed, May 13, 2009 at 09:12:46AM -0400, Jarod Wilson wrote:
Hm... FIPS has the requirement that we test all algs before we use any
algs, self-tests on demand before first use for each alg is
insufficient. At first blush, I'm
to exceed the current 1 page size, at which point we can spend the time
to modify the testmanager to make use of scatter/gather chains to handle the
longer vectors.
Neil
Acked-by: Neil Horman nhor...@tuxdriver.com
---
crypto/testmgr.c | 34 ++
1 files changed, 34
that fips mode is selected during
bootup.
Neil
Signed-off-by: Neil Horman nhor...@tuxdriver.com
diff --git a/crypto/internal.h b/crypto/internal.h
index fc76e1f..150d389 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -26,12 +26,6 @@
#include linux/rwsem.h
#include linux/slab.h
-#ifdef
On Thu, Jun 04, 2009 at 03:14:10PM -0500, Matt Mackall wrote:
On Thu, 2009-06-04 at 15:50 -0400, Neil Horman wrote:
FIPS-140 requires that all random number generators implement continuous
self
tests in which each extracted block of data is compared against the last
block
On Fri, Jun 05, 2009 at 10:30:06AM +1000, Herbert Xu wrote:
On Thu, Jun 04, 2009 at 08:04:56PM -0400, Neil Horman wrote:
Not sure what to do about this. The intent is to provide the external
reference
to the fips_enabled flag (which is either defined as an extern in or
#defined
this api accessible within interrupt context, but that
can probably wait until we have a user in said context, to find the best way to
do that. Herbert, can you apply this to your tree? Thanks!
Acked-by: Neil Horman nhor...@tuxdriver.com
---
crypto/ansi_cprng.c |9 -
1 files changed
On Wed, Jul 01, 2009 at 09:25:17AM +0200, Sebastian Andrzej Siewior wrote:
* Neil Horman | 2009-06-30 20:06:48 [-0400]:
I think this looks better, yeah, have you tested this? If not, give it a
quick
run please, and I'll ack it.
I've built it and started
| modprobe tcrypt mode=150
and I
. This patch brings the two into line.
Signed-off-by: Neil Horman nhor...@tuxdriver.com
testmgr.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index f9bea9d..3315a38 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1480,7 +1480,7
will
fail.
Good catch!
Indeed, I didn't even think of that.
What this really should do is test a specific implementation of
stdrng. Like this,
Yeah, that looks right
Acked-by: Neil Horman nhor...@tuxdriver.com
!
Acked-by: Neil Horman nhor...@tuxdriver.com
On Thu, Aug 13, 2009 at 09:29:55PM +1000, Herbert Xu wrote:
On Fri, Jun 19, 2009 at 08:55:00AM -0400, Neil Horman wrote:
Thanks! That's definitely an oversight. Likely I included it because I was
implementing it as part of the FIPS effort. The CPRNG definitely works
fine,
even
On Fri, Aug 14, 2009 at 09:13:55PM +1000, Herbert Xu wrote:
On Fri, Aug 14, 2009 at 06:58:29AM -0400, Neil Horman wrote:
Yeah, I suppose, it just seemed like a hack to me, since it really is a
logical
boolean, and we use it as such. Ok, I'll look at fixing this soon. Thanks!
Well
)
--
1.5.4.2
Thanks!
Acked-by: Neil Horman nhor...@tuxdriver.com
for use in the repetition
check, but not return it to the caller (opting instead to return the next n bit
block which passes the repetition check instead). This patch corrects that.
Neil
Signed-off-by: Neil Horman nhor...@tuxdriver.com
random.c | 27 ---
1 file changed
.
This patch augments the continuous test in the hardware RNG to enforce this
requirement, making the hardware RNG fips compliant (when operating in fips
mode).
Neil
Signed-off-by: Neil Horman nhor...@tuxdriver.com
random.c | 28
1 file changed, 20 insertions(+), 8
-off-by: Neil Horman nhor...@tuxdriver.com
that it needs to respond to, it can opt to not register any
calls, and as a result a default handler will be registered for each which
universally returns EOPNOTSUPPORT.
Signed-off-by: Neil Horman nhor...@tuxdriver.com
crypto/rng.c | 13 +
include/crypto/rng.h | 21
of the test they
are performing.
Signed-off-by: Neil Horman nhor...@tuxdriver.com
testmgr.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 6d5b746..89ea8c1 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1470,6 +1470,8 @@ static int
patch 3/3: modify cprng to make continuity check fips compliant and allow for a
disabling of the continuity test when the RNG is placed in FIPS mode
Signed-off-by: Neil Horman nhor...@txudriver.com
ansi_cprng.c | 56 +++-
1 file changed, 51
On Wed, Sep 16, 2009 at 10:37:29PM -0500, Herbert Xu wrote:
On Wed, Sep 16, 2009 at 12:04:56PM -0400, Neil Horman wrote:
So the question is, how do I make this RNG fips compliant without
breaking some subset of users out there that rely on the predictability of
the
CPRNG
On Thu, Sep 17, 2009 at 08:39:51AM -0700, Herbert Xu wrote:
On Thu, Sep 17, 2009 at 08:43:51AM -0400, Neil Horman wrote:
As Jarod mentioned, currently only the NIST certification vectors and, as a
result our testmgr vectors require disabling of the internal continuity
test
algorithm. We
implement fips(ansi_cprng), which is exactly like the ansi_cprng, except that it
implements the continuous test on top of it.
Signed-off-by: Neil Horman nhor...@tuxdriver.com
Patch to add fips(ansi_cprng) alg, which is ansi_cprng plus a continuous test
Signed-off-by: Neil Horman nhor...@tuxdriver.com
ansi_cprng.c | 79 ---
1 file changed, 70 insertions(+), 9 deletions(-)
diff --git a/crypto/ansi_cprng.c b
On Mon, Oct 12, 2009 at 04:22:05PM +0200, Roel Kluin wrote:
Op 12-10-09 16:07, Herbert Xu schreef:
On Mon, Oct 12, 2009 at 09:51:42AM -0400, Neil Horman wrote:
.
Or should this test be removed?
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 3aa6e38..9162456 100644
/ansi_cprng.c:393: warning: ‘fips_cprng_reset’ defined but not used
Signed-off-by: Jaswinder Singh Rajput jaswinderraj...@gmail.com
Yeah, looks good to me, thanks!
Acked-by: Neil Horman nhor...@tuxdriver.com
On Sat, Mar 20, 2010 at 08:29:59PM +0800, Herbert Xu wrote:
On Fri, Mar 19, 2010 at 10:23:25PM -0700, David Miller wrote:
I hear what you're saying Herbert, but thinking about this a bit I
really think we should make this situation work instead of fail.
I think the initial report perhaps
On Thu, Aug 05, 2010 at 10:17:53PM +0200, Miloslav Trmač wrote:
Hello,
following is a patchset providing a user-space interface to the kernel crypto
API. It is based on the older, BSD-compatible, implementation, but the
user-space interface is different.
I only see patch 1/4 and 3/4.
On Mon, Aug 09, 2010 at 08:00:55PM -0400, Miloslav Trmac wrote:
- Herbert Xu herb...@gondor.hengli.com.au wrote:
On Thu, Aug 05, 2010 at 10:17:53PM +0200, Miloslav Trmač wrote:
Hello,
following is a patchset providing a user-space interface to the kernel
crypto
API. It is
On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote:
On Tuesday, August 10, 2010 08:46:28 am Neil Horman wrote:
Specifically, my concerns are twofold:
1) struct format. By passing down a structure as you're doing through an
ioctl call, there's no way to extend/modify
On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@redhat.com wrote:
On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote:
That's why I had suggested the use of a netlink protocol to manage this
kind
of interface. There are other
On Tue, Aug 10, 2010 at 11:36:16AM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@tuxdriver.com wrote:
On Mon, Aug 09, 2010 at 08:00:55PM -0400, Miloslav Trmac wrote:
Is the proposed interface acceptable in the general approach (enums
for algorithms/operations, unions
On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@redhat.com wrote:
On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@redhat.com wrote:
On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote
On Tue, Aug 10, 2010 at 12:57:43PM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@redhat.com wrote:
On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@redhat.com wrote:
On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote
On Tue, Aug 10, 2010 at 02:14:24PM -0400, Steve Grubb wrote:
On Tuesday, August 10, 2010 01:57:40 pm Neil Horman wrote:
I'm not so sure I follow. how can you receive messages on a socket in
response to requests that were sent from a different socket. In the
netlink multicast
On Tue, Aug 10, 2010 at 02:19:59PM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@tuxdriver.com wrote:
On Tue, Aug 10, 2010 at 12:57:43PM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@redhat.com wrote:
On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac
On Tue, Aug 10, 2010 at 03:10:12PM -0400, Steve Grubb wrote:
On Tuesday, August 10, 2010 02:45:44 pm Neil Horman wrote:
On Tue, Aug 10, 2010 at 02:14:24PM -0400, Steve Grubb wrote:
On Tuesday, August 10, 2010 01:57:40 pm Neil Horman wrote:
I'm not so sure I follow. how can you receive
On Tue, Aug 10, 2010 at 02:58:01PM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@tuxdriver.com wrote:
On Tue, Aug 10, 2010 at 11:36:16AM -0400, Miloslav Trmac wrote:
I think it would be useful to separate thinking about the data
format and about the transmission mechanism. ioctl
On Tue, Aug 10, 2010 at 10:06:05PM -0400, Miloslav Trmac wrote:
- Neil Horman nhor...@redhat.com wrote:
Ok, well, I suppose we're just not going to agree on this. I don't know how
else to argue my case, you seem to be bent on re-inventing the wheel
instead of
using what we have
On Fri, Nov 12, 2010 at 12:39:41PM -0500, Dan Rosenberg wrote:
Thanks for your response.
Just use get_random_bytes, or initialize an instance of cprng with
get_random_bytes.
Will do.
Depends on your goal, if you just want to hide the pointers, why not just
print
NULL
On Mon, Nov 15, 2010 at 09:43:12AM +0100, Tomas Mraz wrote:
On Fri, 2010-11-12 at 08:32 -0500, Dan Rosenberg wrote:
Hi Crypto people,
I'm planning on submitting a patch that introduces a new %p format
specifier that obfuscates kernel pointers depending on privileges. This
change is
.
Tested successfully using NIST provided RNG vectors by myself:
Signed-off-by: Neil Horman nhor...@tuxdriver.com
CC: Herbert Xu herb...@gondor.apana.org.au
CC: David S. Miller da...@davemloft.net
---
crypto/Kconfig |9 +++
crypto/Makefile|1 +
crypto/algif_rng.c | 197
On Mon, Dec 13, 2010 at 12:24:34PM -0500, Miloslav Trmac wrote:
- Neil Horman nhor...@tuxdriver.com wrote:
+static int rng_recvmsg(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t len, int flags)
+{
+ struct sock *sk = sock-sk;
+ struct
is possible.
Tested successfully using NIST provided RNG vectors by myself:
Signed-off-by: Neil Horman nhor...@tuxdriver.com
CC: Herbert Xu herb...@gondor.apana.org.au
CC: David S. Miller da...@davemloft.net
---
crypto/Kconfig |9 ++
crypto/Makefile|1 +
crypto/algif_rng.c | 212
On Thu, Jan 06, 2011 at 02:13:17PM -0800, Linus Torvalds wrote:
On Thu, Jan 6, 2011 at 1:39 PM, Herbert Xu herb...@gondor.hengli.com.au
wrote:
On Thu, Jan 06, 2011 at 01:23:19PM -0800, Linus Torvalds wrote:
Explanations of interface. Code. Who uses it? What are the actual
performance
On Sat, Jan 08, 2011 at 03:23:04PM +0200, Nikos Mavrogiannopoulos wrote:
On Fri, Jan 7, 2011 at 2:04 PM, Neil Horman nhor...@tuxdriver.com wrote:
Btw, it doesn't have to be about performance per se. Does this allow
people to use keys without actually _seeing_ those keys? Your example
On Mon, Dec 13, 2010 at 04:25:14PM -0500, Neil Horman wrote:
Change notes:
Changed rng_rcvmsg to allocate a fixed size maximum temp block to store rng
data
when recvmsg is called. This should prevent malicious DoS from user space by
trying to receive obscene amounts of random data in one
On Fri, Jan 21, 2011 at 05:00:05PM +1100, Herbert Xu wrote:
On Thu, Jan 20, 2011 at 06:34:40PM -0500, Neil Horman wrote:
Herbert, Sorry to bug you about this, but are you still planning on pulling
this
now that Linus has the infrastructure scheduled for 2.6.38?
I think it's best if we
On Fri, Jan 21, 2011 at 11:35:17PM +1100, Herbert Xu wrote:
On Fri, Jan 21, 2011 at 07:09:50AM -0500, Neil Horman wrote:
I take your point, but I'm not certain I agree that we are duplicating an
existing user interface. A cursory glance would say that we are, but
/dev/random and /dev
On Fri, Jun 17, 2011 at 02:51:31PM -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Wed, 2011-06-15 at 10:49 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Tue, 2011-06-14 at 18:51 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
...
But that's not even the point. Entropy accounting here
On Sat, Jun 18, 2011 at 03:40:50PM -0700, H. Peter Anvin wrote:
On 06/17/2011 01:28 PM, Matt Mackall wrote:
The one use case that it is cryptographically insufficient for is to
seed a new PRNG, which probably means it is unsuitable for being fed
as-is into /dev/random.
The thing to
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 03:27:37 PM Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that doesn't require
re-educating every single piece of
On Wed, Sep 07, 2011 at 04:56:49PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:30 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:23:13 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:02 -0400, Steve
On Thu, Sep 08, 2011 at 08:41:57AM +0200, Tomas Mraz wrote:
On Wed, 2011-09-07 at 19:57 -0400, Neil Horman wrote:
On Wed, Sep 07, 2011 at 04:56:49PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
Anyway, it won't happen fast enough to actually
On Thu, Sep 08, 2011 at 09:11:12AM -0400, Steve Grubb wrote:
On Thursday, September 08, 2011 08:52:34 AM Neil Horman wrote:
to disk device - of course only if the device adds entropy into the
primary pool when there are writes on the device.
Yes, and that's a problem. We're assuming
interpreting FIPS 140-2, section AS07.09 as requiring that
the implementation itself must enforce the requirement. Easy fix, we
just do a memcmp of key and seed in fips_cprng_reset and call it a day.
CC: Neil Horman nhor...@tuxdriver.com
CC: Stephan Mueller smuel...@atsec.com
CC: Steve Grubb sgr
at potentially unallocated mem.
CC: Neil Horman nhor...@tuxdriver.com
CC: Stephan Mueller smuel...@atsec.com
CC: Steve Grubb sgr...@redhat.com
Signed-off-by: Jarod Wilson ja...@redhat.com
Thanks Jarod. Adding Herbert to the cc list so he can pull this into the crypto
tree.
Acked-by: Neil
be called with spinlock already held, so bring
back some extra lock/unlock calls.
CC: Herbert Xu herb...@gondor.apana.org.au
CC: David S. Miller da...@davemloft.net
CC: Neil Horman nhor...@tuxdriver.com
CC: Matt Mackall m...@selenic.com
CC: linux-crypto@vger.kernel.org
Signed-off-by: Jarod
go into 3.8-stable, to make the myriads of fips
users on 3.8.x happy.
Tested-by: Jan Stancek jstan...@redhat.com
Tested-by: Jan Stodola jstod...@redhat.com
CC: Herbert Xu herb...@gondor.apana.org.au
CC: Neil Horman nhor...@tuxdriver.com
CC: David S. Miller da...@davemloft.net
CC: Matt