Hi Herbert, The fips_allowed flag in testmgr.c shall prevent the use of "non-approved" ciphers in FIPS mode. With the current code, the fips_allowed flag is bound to a name a specific cipher is referenced with. With the advent of more complex cipher string names that can be used (for example, consider names like "seqiv(rfc4106(gcm_base(ctr-aes-s390,ghash-generic)))", the authenc ciphers with the two components or even the recently added pkcspad1 algorithm), it seems that the approach in testmgr.c reached its limits. Lately more and more entries in the alg_test_descs array were added purely to have the fips_allowed flag set. Wouldn't it be more prudent to move that flag into the crypto_alg and crypto_template data structures so that the flag is checked during the crypto_register_* functions? I.e. if the flag is not set and the FIPS mode is enabled, the cipher is simply not registered? With that, suggestion, the fips_allowed flag is now decoupled from the cipher name. Complex cipher strings would now not be falsely treated as non-approved ciphers any more. Ciao Stephan -- atsec information security GmbH, Steinstraße 70, 81667 München, Germany P: +49 89 442 49 830 - F: +49 89 442 49 831 M: +49 172 216 55 78 - HRB: 129439 (Amtsgericht München) US: +1 949 545 4096 GF: Salvatore la Pietra, Staffan Persson atsec it security news blog - atsec-information-security.blogspot.com -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
