On Tue, 14 Apr 2015, Lennart Sorensen wrote:

> On Tue, Apr 14, 2015 at 11:07:08AM -0400, Paul Wouters wrote:
>> Yes, the kernel crypto is also getting FIPS validated (and has in the
>> past as well) and that includes all combinations of supported
>> architectures and with/without acceleration drivers. It has even
>> resulted in blacklisting some acceleration modules that did not fully
>> comply (e.g. some could only use 128-bit keys and would error on 256).
>
> Like the Geode LX800 which only does 128-bit AES in hardware, and the
> kernel has to switch to software to do anything else.  Such an odd
> design choice.

Worse, AESNI ghash only takes 128 and did not fall back to software
properly. Some IBM v8 and s390x also had similar issues :P

> Well the NSS bit does seem like it probably is the best option, and the
> support for offloading to dedicated hardware and not even seeing the
> keys in libreswan is an interesting one (not that I have access to any
> hardware that can do that).

Although we do see the SKEYSEED / KEYMAT :P

> ASN.1 parsers, like XML parsers, are evil horrible things that often have
> security problems it seems.  The less we have of them to maintain
> the better.

Yes :)

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
