Re: [PATCH 1/4] crypto: xts - restrict key lengths to approved values in FIPS mode

From: Herbert Xu
Date: Thu Nov 10 2022 - 23:23:27 EST

Next message: Alexander Zhang: "Re: [PATCH 0/1] HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk"
Previous message: Herbert Xu: "Re: [PATCH 1/4] crypto: xts - restrict key lengths to approved values in FIPS mode"
In reply to: Nicolai Stange: "Re: [PATCH 1/4] crypto: xts - restrict key lengths to approved values in FIPS mode"
Next in thread: Nicolai Stange: "[PATCH 2/4] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 09, 2022 at 11:06:17AM +0100, Nicolai Stange wrote:
>
> >From a quick glance, all of the above drivers merely convert some
> crypto_skcipher to a crypto_tfm before passing it to xts_check_key().
>
> So I think these should all be made to call xts_verify_key() directly
> instead, the former xts_check_key() could then get dropped. But that's
> more of a cleanup IMO and would probably deserve a separate patch series
> on its own.

We should make sure both do the same thing though. So either
change all the drivers or just change xts_check_key in your patch
in addition to xts_verify_key.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Alexander Zhang: "Re: [PATCH 0/1] HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk"
Previous message: Herbert Xu: "Re: [PATCH 1/4] crypto: xts - restrict key lengths to approved values in FIPS mode"
In reply to: Nicolai Stange: "Re: [PATCH 1/4] crypto: xts - restrict key lengths to approved values in FIPS mode"
Next in thread: Nicolai Stange: "[PATCH 2/4] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]