Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-24 Thread Herbert Xu
Milan Broz wrote:
> The cipher_null is not a real cipher, FIPS mode should not restrict its use.
>
> It is used for several tests (for example in cryptsetup testsuite) and also
> temporarily for reencryption of not yet encrypted device in
> cryptsetup-reencrypt tool.

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-23 Thread Stephan Müller
On Saturday, 22 April 2017, 09:54:08 CEST, Sandy Harris wrote:
Hi Sandy,
> In the FreeS/WAN project, back around the turn of the century,
> we refused to implement several things required by the RFCs
> because we thought they were insecure: null cipher, single
> DES & 768-bit DH Group 1.

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-22 Thread Sandy Harris
On Sat, Apr 22, 2017 at 3:54 PM, Sandy Harris wrote:
> In the FreeS/WAN project, back around the turn of the century,
> we refused to implement several things required by the RFCs
Link to documentation:

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-22 Thread Sandy Harris
On Sat, Apr 22, 2017 at 2:56 AM, Stephan Müller wrote:
> On Friday, 21 April 2017, 17:25:41 CEST, Stephan Müller wrote:
> Just for the records: for FIPS 140-2 rules, cipher_null is to be interpreted
> as a memcpy on SGLs. Thus it is no cipher even though it sounds like

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-21 Thread Stephan Müller
On Friday, 21 April 2017, 17:25:41 CEST, Stephan Müller wrote:
Hi,
> > Acked-by: Stephan Müller
Just for the records: for FIPS 140-2 rules, cipher_null is to be interpreted as a memcpy on SGLs. Thus it is no cipher even though it sounds like one. cipher_null is also

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-21 Thread Stephan Müller
On Friday, 21 April 2017, 14:18:20 CEST, Herbert Xu wrote:
Hi Herbert,
> Milan Broz wrote:
> > The cipher_null is not a real cipher, FIPS mode should not restrict its
> > use.
> >
> > It is used for several tests (for example in cryptsetup testsuite) and
> > also

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-21 Thread Herbert Xu
Milan Broz wrote:
> The cipher_null is not a real cipher, FIPS mode should not restrict its use.
>
> It is used for several tests (for example in cryptsetup testsuite) and also
> temporarily for reencryption of not yet encrypted device in
> cryptsetup-reencrypt tool.

[PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-21 Thread Milan Broz
The cipher_null is not a real cipher, FIPS mode should not restrict its use.
It is used for several tests (for example in cryptsetup testsuite) and also temporarily for reencryption of not yet encrypted device in cryptsetup-reencrypt tool.
Problem is easily reproducible with cryptsetup