[RFC] revamp fips_allowed flag

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Herbert,

The fips_allowed flag in testmgr.c shall prevent the use of "non-approved" 
ciphers in FIPS mode.

With the current code, the fips_allowed flag is bound to a name a specific 
cipher is referenced with. With the advent of more complex cipher string names 
that can be used (for example, consider names like 
"seqiv(rfc4106(gcm_base(ctr-aes-s390,ghash-generic)))", the authenc ciphers 
with the two components or even the recently added pkcspad1 algorithm), it 
seems that the approach in testmgr.c reached its limits. Lately more and more 
entries in the alg_test_descs array were added purely to have the fips_allowed 
flag set.

Wouldn't it be more prudent to move that flag into the crypto_alg and 
crypto_template data structures so that the flag is checked during the 
crypto_register_* functions? I.e. if the flag is not set and the FIPS mode is 
enabled, the cipher is simply not registered?

With that, suggestion, the fips_allowed flag is now decoupled from the cipher 
name. Complex cipher strings would now not be falsely treated as non-approved 
ciphers any more.

Ciao
Stephan
-- 
atsec information security GmbH, Steinstraße 70, 81667 München, Germany
P: +49 89 442 49 830 - F: +49 89 442 49 831
M: +49 172 216 55 78 - HRB: 129439 (Amtsgericht München)
US: +1 949 545 4096
GF: Salvatore la Pietra, Staffan Persson
atsec it security news blog - atsec-information-security.blogspot.com

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux