Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-24 Thread Herbert Xu
Milan Broz wrote: > The cipher_null is not a real cipher, FIPS mode should not restrict its use. > > It is used for several tests (for example in cryptsetup testsuite) and also > temporarily for reencryption of not yet encrypted device in > cryptsetup-reencrypt tool. > >

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-23 Thread Stephan Müller
Am Samstag, 22. April 2017, 09:54:08 CEST schrieb Sandy Harris: Hi Sandy, > In the FreeS/WAN project, back around the turn of the century, > we refused to implement several things required by the RFCs > because we thought they were insecure: null cipher, single > DES & 768-bit DH Group 1. > >

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-22 Thread Sandy Harris
On Sat, Apr 22, 2017 at 3:54 PM, Sandy Harris wrote: > In the FreeS/WAN project, back around the turn of the century, > we refused to implement several things required by the RFCs Link to documentation:

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-22 Thread Sandy Harris
On Sat, Apr 22, 2017 at 2:56 AM, Stephan Müller wrote: > Am Freitag, 21. April 2017, 17:25:41 CEST schrieb Stephan Müller: > Just for the records: for FIPS 140-2 rules, cipher_null is to be interpreted > as a memcpy on SGLs. Thus it is no cipher even though it sounds like

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-21 Thread Stephan Müller
Am Freitag, 21. April 2017, 17:25:41 CEST schrieb Stephan Müller: Hi, > > Acked-by: Stephan Müller Just for the records: for FIPS 140-2 rules, cipher_null is to be interpreted as a memcpy on SGLs. Thus it is no cipher even though it sounds like one. cipher_null is also

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-21 Thread Stephan Müller
Am Freitag, 21. April 2017, 14:18:20 CEST schrieb Herbert Xu: Hi Herbert, > Milan Broz wrote: > > The cipher_null is not a real cipher, FIPS mode should not restrict its > > use. > > > > It is used for several tests (for example in cryptsetup testsuite) and > > also > >

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-21 Thread Herbert Xu
Milan Broz wrote: > The cipher_null is not a real cipher, FIPS mode should not restrict its use. > > It is used for several tests (for example in cryptsetup testsuite) and also > temporarily for reencryption of not yet encrypted device in > cryptsetup-reencrypt tool. > >