Re: [PATCH 1/2 v2] crypto: mark algs allowed in fips mode
On Mon, May 11, 2009 at 09:52:43AM -0400, Jarod Wilson wrote:

Set the fips_allowed flag in testmgr.c's alg_test_descs[] for algs that are allowed to be used when in fips mode.

One caveat: des isn't actually allowed anymore, but des (and thus also ecb(des)) has to be permitted, because disallowing them results in des3_ede being unable to properly register (see des module init func).

Also, crc32 isn't technically on the fips approved list, but I think it gets used in various places that necessitate it being allowed.

This list is based on http://csrc.nist.gov/groups/STM/cavp/index.html

Important note: allowed/approved here does NOT mean validated, just that it's an alg that *could* be validated.

Resending with properly updated patch v2 tag.

Signed-off-by: Jarod Wilson ja...@redhat.com

Acked-by: Neil Horman nhor...@tuxdriver.com

--
To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/2 v2] crypto: skip algs not flagged fips_allowed in fips mode
On Mon, May 11, 2009 at 09:53:06AM -0400, Jarod Wilson wrote:

Because all fips-allowed algorithms must be self-tested before they can be used, they will all have entries in testmgr.c's alg_test_descs[]. Skip self-tests for any algs not flagged as fips_approved and return -EINVAL when in fips mode.

Resending with properly updated patch v2 tag.

Signed-off-by: Jarod Wilson ja...@redhat.com

Acked-by: Neil Horman nhor...@tuxdriver.com
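The gating rule described in the two patch descriptions above, as a userspace C model added here as an example (it is not the kernel's testmgr.c code and not code from this thread). Only alg_test_descs and fips_allowed are names from the thread; fips_enabled, find_desc, stub_selftest, the sample table entries (md5 is a constructed non-allowed entry) and the handling of names with no table entry are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct alg_test_desc {
	const char *alg;
	int (*test)(const char *alg);	/* self-test routine, stubbed in this model */
	bool fips_allowed;		/* alg could be validated; not "is validated" */
};

static int stub_selftest(const char *alg) { (void)alg; return 0; }
static int fips_enabled;		/* assumed name for the fips mode switch */

/* Constructed sample table, kept sorted by name for the binary search. */
static const struct alg_test_desc alg_test_descs[] = {
	{ "crc32",    stub_selftest, true  },
	{ "des",      stub_selftest, true  },	/* permitted so des3_ede can register */
	{ "des3_ede", stub_selftest, true  },
	{ "ecb(des)", stub_selftest, true  },
	{ "md5",      stub_selftest, false },	/* constructed non-allowed entry */
};

static const struct alg_test_desc *find_desc(const char *alg)
{
	size_t lo = 0, hi = sizeof(alg_test_descs) / sizeof(alg_test_descs[0]);

	while (lo < hi) {
		size_t mid = lo + (hi - lo) / 2;
		int diff = strcmp(alg_test_descs[mid].alg, alg);

		if (diff == 0)
			return &alg_test_descs[mid];
		if (diff < 0)
			lo = mid + 1;
		else
			hi = mid;
	}
	return NULL;
}

/* In fips mode, anything without a fips_allowed entry is refused untested. */
int alg_test(const char *alg)
{
	const struct alg_test_desc *d = find_desc(alg);

	if (fips_enabled && (!d || !d->fips_allowed))
		return -EINVAL;
	return d ? d->test(alg) : 0;	/* assumption: no entry is fine outside fips mode */
}

int main(void)
{
	fips_enabled = 1;
	printf("md5=%d des3_ede=%d\n", alg_test("md5"), alg_test("des3_ede"));
	return 0;
}
```

In the model, a name with no table entry is refused in fips mode because the description states that every fips-allowed algorithm has an entry.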
Re: [PATCH] crypto: tcrypt: add option to not exit on success
On Monday 11 May 2009 10:06:32 Jarod Wilson wrote:

At present, the tcrypt module always exits with an -EAGAIN upon successfully completing all the tests it's been asked to run. There are cases where it would be much simpler to verify all tests passed if tcrypt simply stayed loaded (i.e. returned 0). Specifically, in fips mode, all self-tests need to be run from the initrd, and it's much simpler to check the ret from modprobe for success than to scrape dmesg. To make this doable, I've simply added a module param to allow this behavior, leaving the default behavior more or less the same as before, although now we're tracking all success/failure rets as well.

I've been reminded that a self-test failure in fips mode means an immediate panic, so modprobe never sees the ret in that case, but if the module load failed for other reasons, a non-zero return value from modprobe is possible w/o traversing the code paths that trigger a self-test failure panic. For one, if the tcrypt module were to go missing for some reason, modprobe would have a non-zero ret, and the initrd would need to handle panicking the system.

Would there be any objections to dropping the noexit parameter entirely and just making its behavior the default? It would make all users regardless of fips mode notice failures more readily.

--
Jarod Wilson
ja...@redhat.com