Re: [PATCH v2] crypto: XTS - remove test that will fail in FIPS mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mittwoch, 17. August 2016, 14:52:32 CEST schrieb Tapas Sarangi:

Hi Tapas,

(please, do not top-post)

> Hi Stephan,
> 
> Yes, can you give me some more detail about your findings on dracut-fips
> !? This seems to be the major difference between our test environments
> where a bunch of algorithms are failing self-test during boot with fips=1.

cmac must be statically compiled as otherwise dracut-fips does not find it (it 
misses it in the module list).

The authenc() cipher must not be compiled as somehow the modprobe in dracut-
fips does not find some components -- I am not sure what the issue is yet. I 
even have compiled all parts forming an authenc cipher (authenc, hmac, the 
hashes, the block chaining modes, the symmetric ciphers) to be bound into the 
kernel statically. But still, something is not found by the tcrypt module in 
dracut-fips.



Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux