Am Dienstag, 16. August 2022, 04:43:03 CEST schrieb Herbert Xu: Hi Herbert, > On Mon, Aug 15, 2022 at 02:30:13PM -0700, Eric Biggers wrote: > > Note that this is only a problem because tcrypt calls alg_test() directly. > > The normal way that alg_test() gets called is for the registration-time > > self-test. It's not clear to me why tcrypt calls alg_test() directly; the > > registration-time test should be enough. Herbert, do you know? > > The tcrypt code predates testmgr. So at the beginning we only had > the enumerative testing. Registration-time testing was added later. > > We could remove the enumerative testing, but I think the FIPS people > have grown rather attached to it because it ticks some sort of a box > at boot-time. > > Stephane, would it be a problem for FIPS if we simply got rid of the > enumerative testing in tcrypt and instead relied on registration-time > testing? The tcrypt code has only one purpose for FIPS: to allocate all crypto algorithms at boot time and thus to trigger the self test during boot time. That was a requirement until some time ago. These requirements were relaxed a bit such that a self test before first use is permitted, i.e. the approach we have in testmgr.c. Therefore, presently we do not need this boot-time allocation of an algorithm via tcrypt which means that from a FIPS perspective tcrypt is no longer required. > > Cheers, Ciao Stephan