Re: [BUGFIX] crypto: Fix ctr(aes) testing by specifying geniv

2009-08-13 Thread Herbert Xu
On Thu, Aug 13, 2009 at 02:53:00PM +1000, Herbert Xu wrote: > > I'll look into it. Oh I see what's going on. It's the switch from chainiv to eseqiv that created the error. I'll apply your patch. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu 许志壬 Home Page: http

Re: crypto: ansi_cprng - Do not select FIPS

2009-08-13 Thread Herbert Xu
On Fri, Jun 19, 2009 at 08:55:00AM -0400, Neil Horman wrote: > > Thanks! That's definitely an oversight. Likely I included it because I was > implementing it as part of the FIPS effort. The CPRNG definitely works fine, > even if fips is disabled. Although I think the relationship should be > re

Re: [BUGFIX] crypto: Fix ctr(aes) testing by specifying geniv

2009-08-13 Thread Herbert Xu
On Thu, Aug 13, 2009 at 05:39:10PM +1000, Herbert Xu wrote: > > Oh I see what's going on. It's the switch from chainiv to eseqiv > that created the error. I'll apply your patch. Actually we can't use seqiv on raw counter mode because it cannot guarantee IV uniqueness. I think reverting to chai

Re: crypto: ansi_cprng - Do not select FIPS

2009-08-13 Thread Neil Horman
On Thu, Aug 13, 2009 at 09:29:55PM +1000, Herbert Xu wrote: > On Fri, Jun 19, 2009 at 08:55:00AM -0400, Neil Horman wrote: > > > > Thanks! That's definitely an oversight. Likely I included it because I was > > implementing it as part of the FIPS effort. The CPRNG definitely works > > fine, > > e

Re: [BUGFIX] crypto: Fix ctr(aes) testing by specifying geniv

2009-08-13 Thread Huang Ying
On Thu, 2009-08-13 at 21:12 +0800, Herbert Xu wrote: > On Thu, Aug 13, 2009 at 05:39:10PM +1000, Herbert Xu wrote: > > > > Oh I see what's going on. It's the switch from chainiv to eseqiv > > that created the error. I'll apply your patch. > > Actually we can't use seqiv on raw counter mode beca

Re: [BUGFIX] crypto: Fix ctr(aes) testing by specifying geniv

2009-08-13 Thread Herbert Xu
On Fri, Aug 14, 2009 at 09:01:07AM +0800, Huang Ying wrote: > > I see seqiv is used in rfc3686 mode, it means seqiv can not be used on > raw counter mode but can be used for rfc3686? Yeah, with rfc3686 a portion of the counter is available for counting bytes within each request. This allows a seq

Re: crypto: ansi_cprng - Do not select FIPS

2009-08-13 Thread Herbert Xu
On Thu, Aug 13, 2009 at 10:41:56AM -0400, Neil Horman wrote: > > Is there a good way to select a tristate from a bool? The logic is the right > thing to do above, it just seems the mechanism comes up a bit short I suppose you could turn FIPS itself into a tristate. As it should be used in just o

Re: [RFC PATCH v2] Add VMAC(AES) to Linux for intel_txt support

2009-08-13 Thread Herbert Xu
On Tue, Aug 11, 2009 at 01:05:57AM +0800, Shane Wang wrote: > > For the comment > > This is unnecessary. Please use the standard kernel helpers > > from asm/byteorder.h (which you get by including linux/kernel.h). > The current code distinguishes some macro implementations according to > differen