Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-02-03 Thread Rusty Russell
Stephan Mueller writes: > On 25.01.2013 00:36:01, +0100, Rusty Russell wrote: >> "the module signature" here being the signature of any crypto module, >> I'm guessing from Kyle's awful patch. Any crypto module, or just some? >> Presumably any module used by any crypto module, too? > > Any module

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-25 Thread Stephan Mueller
On 25.01.2013 00:36:01, +0100, Rusty Russell wrote: Hi Rusty et al, while we are at FIPS discussions, may I propose a slight fix because the FIPS mode is not covering the FIPS 200 (a management system set of requirements), but FIPS 140-2 covering implementation requirements for cryptography. Si

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-25 Thread Stephan Mueller
On 25.01.2013 00:36:01, +0100, Rusty Russell wrote: Hi Rusty, > Kyle McMartin writes: >> After thinking about it a while, this seems like the best way to solve >> the problem, although it does still kind of offend my delicate >> sensibilities... > > You're far too polite. This patch was horrib

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-25 Thread Stephan Mueller
On 25.01.2013 04:20:07, +0100, Matthew Garrett wrote: Hi Matthew, > On Fri, Jan 25, 2013 at 12:14:54AM +, David Howells wrote: > >> You can't rely on someone trying to sneak a dodgy crypto module in to set the >> flag when they build it. The detection thus needs to be done in the kernel >>

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-25 Thread Stephan Mueller
On 24.01.2013 20:06:10, +0100, Kyle McMartin wrote: Hi Kyle, > After thinking about it a while, this seems like the best way to solve > the problem, although it does still kind of offend my delicate > sensibilities... > > Doing this check in the crypto layer seems kind of like a layering > viola

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-24 Thread Kyle McMartin
On Fri, Jan 25, 2013 at 10:06:01AM +1030, Rusty Russell wrote: > Kyle McMartin writes: > > After thinking about it a while, this seems like the best way to solve > > the problem, although it does still kind of offend my delicate > > sensibilities... > > You're far too polite. This patch was horr

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-24 Thread Matthew Garrett
On Fri, Jan 25, 2013 at 12:14:54AM +, David Howells wrote: > You can't rely on someone trying to sneak a dodgy crypto module in to set the > flag when they build it. The detection thus needs to be done in the kernel > during the module load. > > Can you search the module image for "crypto_re

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-24 Thread Rusty Russell
Kyle McMartin writes: > After thinking about it a while, this seems like the best way to solve > the problem, although it does still kind of offend my delicate > sensibilities... You're far too polite. This patch was horrible, partial and ugly. Stephan Mueller wrote: > FIPS requires the module

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-24 Thread David Howells
Kyle McMartin wrote: > After thinking about it a while, this seems like the best way to solve > the problem, although it does still kind of offend my delicate > sensibilities... > > Doing this check in the crypto layer seems kind of like a layering > violation to me (and, to be honest, I think i

Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-24 Thread Kyle McMartin
On Thu, Jan 24, 2013 at 02:06:10PM -0500, Kyle McMartin wrote: > + if (err < 0 && fips_enabled && !get_modinfo(info, "crypto_fips")) Sigh, that should be get_modinfo(...) if (err < 0 && fips_enabled && get_modinfo(info, "crypto_fips")) Thinko when converting from flagging things as "n
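
Review bot: the condition on the quoted `+` line, in both its original and corrected polarity, decides whether to panic from `get_modinfo(info, "crypto_fips")`, a tag carried inside the module image being loaded, so the enforcement depends on the module's builder having set it. As David Howells points out elsewhere in this thread, the detection needs to be done by the kernel during module load rather than read from a self-declared flag. Since the two versions differ only by a `!`, a short comment above the test stating which case triggers the panic (signature check failed, FIPS mode enabled, module tagged as crypto) would also make the intended polarity reviewable.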

[PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

2013-01-24 Thread Kyle McMartin
After thinking about it a while, this seems like the best way to solve the problem, although it does still kind of offend my delicate sensibilities... Doing this check in the crypto layer seems kind of like a layering violation to me (and, to be honest, I think it'd be a gross-hack getting from th