Re: authenc methods vs FIPS in light of unencrypted associated data

From: Herbert Xu
Date: Fri Jun 03 2016 - 06:12:23 EST


On Fri, Jun 03, 2016 at 08:42:31AM +0200, Stephan Mueller wrote:
>
> Herbert, when using crypto_spawn_*, is there a flag set by the crypto API that
> the to-be-instantiated cipher is invoked by the kernel crypto API instead of
> by a user? I would assume that the INTERNAL flag could be of relevance here.
> If that INTERNAL flag is set, I think that the function alg_test could be
> changed such that if the INTERNAL flag is set, the fips_allowed flag is not
> enforced.

Yes we can certainly set INTERNAL for this case.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt