| Message ID | 20190125093147.10266-1-gmazyland@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: mark crc32 checksum as FIPS allowed | expand |
Am Freitag, 25. Januar 2019, 10:31:47 CET schrieb Milan Broz: Hi Milan, > The CRC32 is not a cryptographic hash algorithm, > so the FIPS restrictions should not apply to it. > (The CRC32C variant is already allowed.) > > This CRC32 variant is used for in dm-crypt legacy TrueCrypt > IV implementation (tcw); detected by cryptsetup test suite > failure in FIPS mode. > > Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Stephan Mueller <smueller@chronox.de> Ciao Stephan
On Fri, Jan 25, 2019 at 09:31:47AM +0000, Milan Broz wrote: > The CRC32 is not a cryptographic hash algorithm, > so the FIPS restrictions should not apply to it. > (The CRC32C variant is already allowed.) > > This CRC32 variant is used for in dm-crypt legacy TrueCrypt > IV implementation (tcw); detected by cryptsetup test suite > failure in FIPS mode. > > Signed-off-by: Milan Broz <gmazyland@gmail.com> > --- > crypto/testmgr.c | 1 + > 1 file changed, 1 insertion(+) Patch applied. Thanks.
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 0f684a414acb..82bc0398bbbf 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2735,6 +2735,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "crc32", .test = alg_test_hash, + .fips_allowed = 1, .suite = { .hash = __VECS(crc32_tv_template) }
The CRC32 is not a cryptographic hash algorithm, so the FIPS restrictions should not apply to it. (The CRC32C variant is already allowed.) This CRC32 variant is used for in dm-crypt legacy TrueCrypt IV implementation (tcw); detected by cryptsetup test suite failure in FIPS mode. Signed-off-by: Milan Broz <gmazyland@gmail.com> --- crypto/testmgr.c | 1 + 1 file changed, 1 insertion(+)