[v3,0/6] Trivial set of FIPS 140-3 related changes

Message ID	20221229211710.14912-1-vdronov@redhat.com (mailing list archive)
Headers	show Return-Path: <linux-crypto-owner@vger.kernel.org> From: Vladis Dronov <vdronov@redhat.com> To: Herbert Xu <herbert@gondor.apana.org.au>, "David S . Miller" <davem@davemloft.net> Cc: Nicolai Stange <nstange@suse.de>, Elliott Robert <elliott@hpe.com>, Stephan Mueller <smueller@chronox.de>, Eric Biggers <ebiggers@google.com>, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov <vdronov@redhat.com> Subject: [PATCH v3 0/6] Trivial set of FIPS 140-3 related changes Date: Thu, 29 Dec 2022 22:17:04 +0100 Message-Id: <20221229211710.14912-1-vdronov@redhat.com> MIME-Version: 1.0 Content-type: text/plain Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Trivial set of FIPS 140-3 related changes \| expand [v3,0/6] Trivial set of FIPS 140-3 related changes [v3,1/6] crypto: xts - restrict key lengths to approved values in FIPS mode [v3,2/6] crypto: xts - drop xts_check_key() [v3,3/6] crypto: xts - drop redundant xts key check [v3,4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode [v3,5/6] crypto: testmgr - disallow plain ghash in FIPS mode [v3,6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

Message ID

20221229211710.14912-1-vdronov@redhat.com (mailing list archive)

Headers

From: Vladis Dronov <vdronov@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
        "David S . Miller" <davem@davemloft.net>
Cc: Nicolai Stange <nstange@suse.de>, Elliott Robert <elliott@hpe.com>,
        Stephan Mueller <smueller@chronox.de>,
        Eric Biggers <ebiggers@google.com>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        Vladis Dronov <vdronov@redhat.com>
Subject: [PATCH v3 0/6] Trivial set of FIPS 140-3 related changes
Date: Thu, 29 Dec 2022 22:17:04 +0100
Message-Id: <20221229211710.14912-1-vdronov@redhat.com>
MIME-Version: 1.0
Content-type: text/plain
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Trivial set of FIPS 140-3 related changes | expand

Message

Vladis Dronov Dec. 29, 2022, 9:17 p.m. UTC

Hi,

This patchset and cover letter was initially composed by Nicolai Stange
and sent earlier as:

https://lore.kernel.org/r/20221108142025.13461-1-nstange@suse.de/
with a subject: [PATCH 0/4] Trivial set of FIPS 140-3 related changes

I'm adding patches 2 and 3 which (I hope) resolve issues spotted by
reviewers of previous version of the patchset. This new patchset should
ease our future kernel work on the FIPS mode.

I'm quoting Nicolai's cover letter here:

> Hi all,
> 
> these four rather unrelated patches are basically a dump of some of the
> more trivial changes required for working towards FIPS 140-3 conformance.
> 
> Please pick as you deem appropriate.
> 
> Thanks!
> 
> Nicolai

v2: fixed a block comment formatting

v3: "Reviewed-by: Eric Biggers" was copied from the v1 thread:
    https://lore.kernel.org/r/Y6OXuT95MlkNanSR@sol.localdomain/

Nicolai Stange (4):
  crypto: xts - restrict key lengths to approved values in FIPS mode
  crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
  crypto: testmgr - disallow plain ghash in FIPS mode
  crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

Vladis Dronov (2):
  crypto: xts - drop xts_check_key()
  crypto: xts - drop redundant xts key check

 arch/s390/crypto/aes_s390.c                   |  4 ---
 arch/s390/crypto/paes_s390.c                  |  2 +-
 crypto/testmgr.c                              |  4 +--
 drivers/crypto/atmel-aes.c                    |  2 +-
 drivers/crypto/axis/artpec6_crypto.c          |  2 +-
 drivers/crypto/cavium/cpt/cptvf_algs.c        |  8 +++---
 .../crypto/cavium/nitrox/nitrox_skcipher.c    |  8 +++---
 drivers/crypto/ccree/cc_cipher.c              |  2 +-
 .../crypto/marvell/octeontx/otx_cptvf_algs.c  |  2 +-
 .../marvell/octeontx2/otx2_cptvf_algs.c       |  2 +-
 include/crypto/xts.h                          | 25 +++++++------------
 11 files changed, 23 insertions(+), 38 deletions(-)

base-commit: b6bb9676f2165d518b35ba3bea5f1fcfc0d969bf

Comments

Herbert Xu Jan. 6, 2023, 3:18 p.m. UTC | #1

On Thu, Dec 29, 2022 at 10:17:04PM +0100, Vladis Dronov wrote:
> Hi,
> 
> This patchset and cover letter was initially composed by Nicolai Stange
> and sent earlier as:
> 
> https://lore.kernel.org/r/20221108142025.13461-1-nstange@suse.de/
> with a subject: [PATCH 0/4] Trivial set of FIPS 140-3 related changes
> 
> I'm adding patches 2 and 3 which (I hope) resolve issues spotted by
> reviewers of previous version of the patchset. This new patchset should
> ease our future kernel work on the FIPS mode.
> 
> I'm quoting Nicolai's cover letter here:
> 
> > Hi all,
> > 
> > these four rather unrelated patches are basically a dump of some of the
> > more trivial changes required for working towards FIPS 140-3 conformance.
> > 
> > Please pick as you deem appropriate.
> > 
> > Thanks!
> > 
> > Nicolai
> 
> v2: fixed a block comment formatting
> 
> v3: "Reviewed-by: Eric Biggers" was copied from the v1 thread:
>     https://lore.kernel.org/r/Y6OXuT95MlkNanSR@sol.localdomain/
> 
> Nicolai Stange (4):
>   crypto: xts - restrict key lengths to approved values in FIPS mode
>   crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
>   crypto: testmgr - disallow plain ghash in FIPS mode
>   crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
> 
> Vladis Dronov (2):
>   crypto: xts - drop xts_check_key()
>   crypto: xts - drop redundant xts key check
> 
>  arch/s390/crypto/aes_s390.c                   |  4 ---
>  arch/s390/crypto/paes_s390.c                  |  2 +-
>  crypto/testmgr.c                              |  4 +--
>  drivers/crypto/atmel-aes.c                    |  2 +-
>  drivers/crypto/axis/artpec6_crypto.c          |  2 +-
>  drivers/crypto/cavium/cpt/cptvf_algs.c        |  8 +++---
>  .../crypto/cavium/nitrox/nitrox_skcipher.c    |  8 +++---
>  drivers/crypto/ccree/cc_cipher.c              |  2 +-
>  .../crypto/marvell/octeontx/otx_cptvf_algs.c  |  2 +-
>  .../marvell/octeontx2/otx2_cptvf_algs.c       |  2 +-
>  include/crypto/xts.h                          | 25 +++++++------------
>  11 files changed, 23 insertions(+), 38 deletions(-)
> 
> base-commit: b6bb9676f2165d518b35ba3bea5f1fcfc0d969bf
> -- 
> 2.38.1

All applied.  Thanks.