Re: [PATCH 1/1] Disable fips-allowed for non-FIPS authenc ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Donnerstag, 24. September 2015, 17:02:03 schrieb John Haxby:

Hi John,

>Tests that contain non-FIPS ciphers and hashes cannot themselves be
>.fips-allowed because they will necessarily fail.
>
>Signed-off-by: John Haxby <john.haxby@xxxxxxxxxx>

This is a good finding.

In fact, all authenc() ciphers are not FIPS approved ciphers.

The flag for that should be removed for all of those.

After checking in detail, the following FIPS flags should be removed as well:

- ecb(des)

- ansi_cprng (at least at the end of this year)


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux