Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Freitag, 21. April 2017, 17:25:41 CEST schrieb Stephan Müller:

Hi,

> 
> Acked-by: Stephan Müller <smueller@xxxxxxxxxx>

Just for the records: for FIPS 140-2 rules, cipher_null is to be interpreted 
as a memcpy on SGLs. Thus it is no cipher even though it sounds like one.

cipher_null is also needed for seqiv which is required for rfc4106(gcm(aes)), 
which is an approved cipher. Also, it is needed for authenc() which uses it 
for copying the AAD from src to dst.

That said, cipher_null must not be used for "encryption" operation but rather 
for handling data that is not subjected to FIPS 140-2 rules.

Ciao
Stephan



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux