linux.git/crypto/testmgr.c, branch v4.6-rc2 Linux kernel source tree crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode. 2016-02-27T19:26:31+00:00 Marcus Meissner meissner@suse.de 2016-02-19T12:34:28+00:00 8888690ef5f764b01955817aafd6605ac6a29fcc RFC 3686 CTR in various authenc methods. rfc3686(ctr(aes)) is already marked fips compliant, so these should be fine. Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
RFC 3686 CTR in various authenc methods.

rfc3686(ctr(aes)) is already marked fips compliant,
so these should be fine.

Signed-off-by: Marcus Meissner <meissner@suse.de>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - mark authenticated ctr(aes) also as FIPS able 2016-02-16T20:07:40+00:00 Marcus Meissner meissner@suse.de 2016-02-06T10:53:07+00:00 fb16abc2e9deedf075cfe2a01584b092ab5440e0 (2nd try that adds missing , to build.) Signed-off-by: Marcus Meissner <meissner@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
(2nd try that adds missing , to build.)

Signed-off-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - mark more algorithms as FIPS compliant 2016-02-06T07:43:20+00:00 Marcus Meissner meissner@suse.de 2016-02-05T13:23:33+00:00 ed1afac9145c4517a2c84f93e04a35046ea206e3 Some more authenc() wrapped algorithms are FIPS compliant, tag them as such. Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Some more authenc() wrapped algorithms are FIPS compliant, tag
them as such.

Signed-off-by: Marcus Meissner <meissner@suse.de>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - fix out of bound read in __test_aead() 2016-02-06T07:33:29+00:00 Jerome Marchand jmarchan@redhat.com 2016-02-03T12:58:12+00:00 abfa7f4357e3640fdee87dfc276fd0f379fb5ae6 __test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. Also the IV length is currently calculated several time for no reason. Let's fix that too. This fix an out-of-bound error detected by KASan. Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the
actual length of the initialisation vector can be shorter.
The length of the IV is already calculated earlier in the
function. Let's just reuses that. Also the IV length is currently
calculated several time for no reason. Let's fix that too.
This fix an out-of-bound error detected by KASan.

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add a test case for import()/export() 2016-02-06T07:33:27+00:00 Wang, Rui Y rui.y.wang@intel.com 2016-02-03T10:26:57+00:00 018ba95c71c0b0ef7abc8d584bf556ffd1f5b230 Modify __test_hash() so that hash import/export can be tested from within the kernel. The test is unconditionally done when a struct hash_testvec has its .np > 1. v3: make the test unconditional v2: Leverage template[i].np as suggested by Tim Chen Signed-off-by: Rui Wang <rui.y.wang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Modify __test_hash() so that hash import/export can be tested
from within the kernel. The test is unconditionally done when
a struct hash_testvec has its .np > 1.

v3: make the test unconditional
v2: Leverage template[i].np as suggested by Tim Chen

Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: compress - remove unused pcomp interface 2016-01-27T12:36:24+00:00 Joonsoo Kim js1304@gmail.com 2016-01-26T08:15:03+00:00 110492183c4b8f572b16fce096b9d78e2da30baf It is unused now, so remove it. Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
It is unused now, so remove it.

Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ansi_cprng - ANSI X9.31 DRNG is not allowed in FIPS 140-2 2016-01-25T14:38:59+00:00 Stephan Mueller smueller@chronox.de 2016-01-05T12:12:21+00:00 eac6d4081d7c3bae0e220859b5a0422cd53f00d8 As per update of the FIPS 140-2 Annex C supported by SP800-131A, the ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more. CC: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
As per update of the FIPS 140-2 Annex C supported by SP800-131A, the
ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more.

CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: keywrap - add testmgr support 2015-10-15T13:05:08+00:00 Stephan Mueller smueller@chronox.de 2015-09-21T18:59:56+00:00 353519887ca3df97c0e60be4fdf05c44e2faca22 The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation. In addition, test vectors for kw(aes) for encryption and decryption are added. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The testmanager code for symmetric ciphers is extended to allow
verification of the IV after a cipher operation.

In addition, test vectors for kw(aes) for encryption and decryption are
added.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - test IV value after a cipher operation 2015-10-15T13:05:01+00:00 Boris BREZILLON boris.brezillon@free-electrons.com 2015-06-16T09:46:46+00:00 8a826a34a52eef9ea1cb93f49ada358fa7b0bb32 The crypto drivers are supposed to update the IV passed to the crypto request before calling the completion callback. Test for the IV value before considering the test as successful. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The crypto drivers are supposed to update the IV passed to the crypto
request before calling the completion callback.
Test for the IV value before considering the test as successful.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: akcipher - Changes to asymmetric key API 2015-10-14T14:23:16+00:00 Tadeusz Struk tadeusz.struk@intel.com 2015-10-08T16:26:55+00:00 22287b0b5988b603b5f0daa282c89aaf2b877313 Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Setkey function has been split into set_priv_key and set_pub_key.
Akcipher requests takes sgl for src and dst instead of void *.
Users of the API i.e. two existing RSA implementation and
test mgr code have been updated accordingly.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>