Re: [PATCH 1/1] Disable fips-allowed for non-FIPS authenc ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 24/09/15 17:58, Stephan Mueller wrote:
> Am Donnerstag, 24. September 2015, 17:02:03 schrieb John Haxby:
> 
> Hi John,
> 
>> >Tests that contain non-FIPS ciphers and hashes cannot themselves be
>> >.fips-allowed because they will necessarily fail.
>> >
>> >Signed-off-by: John Haxby <john.haxby@xxxxxxxxxx>
> This is a good finding.
> 
> In fact, all authenc() ciphers are not FIPS approved ciphers.
> 
> The flag for that should be removed for all of those.
> 
> After checking in detail, the following FIPS flags should be removed as well:
> 
> - ecb(des)
> 
> - ansi_cprng (at least at the end of this year)

Thanks Stephan.

Updated patch on its way.

jch
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux