On Wed, Feb 8, 2023 at 10:27 AM Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > As FIPS is only able to verify the compliance of pkcs1pad the > underlying "rsa" algorithm should not be marked as fips_allowed. > > Reported-by: Clemens Lang <cllang@xxxxxxxxxx> > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Seems to work as expected - with the patch I get the following lines in the kernel console (in FIPS MODE: [ 0.961355] alg: rsa (rsa-generic) is disabled due to FIPS [ 0.962025] alg: self-tests for pkcs1pad(rsa-generic,sha512) (pkcs1pad(rsa,sha512)) passed [ 1.119701] alg: self-tests for pkcs1pad(rsa-generic,sha256) (pkcs1pad(rsa,sha256)) passed So I take it the pkcs1pad(...) algos work (the tests passed), while the plain rsa will not be usable. On a kernel without the patch I get (in FIPS mode): [ 0.990012] alg: self-tests for rsa-generic (rsa) passed [ 0.990753] alg: self-tests for pkcs1pad(rsa-generic,sha512) (pkcs1pad(rsa,sha512)) passed [ 1.301441] alg: self-tests for pkcs1pad(rsa-generic,sha256) (pkcs1pad(rsa,sha256)) passed Also, if I additionally apply [1], the "fips: yes/no" output in /proc/crypto matches the expectations. Tested-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> [1] https://lore.kernel.org/all/Y+RJfZ5o59azXqSc@xxxxxxxxxxxxxxxxxxx/ > > diff --git a/crypto/testmgr.c b/crypto/testmgr.c > index dd748832ed4a..6fbb56c6bd4c 100644 > --- a/crypto/testmgr.c > +++ b/crypto/testmgr.c > @@ -5467,7 +5467,6 @@ static const struct alg_test_desc alg_test_descs[] = { > }, { > .alg = "rsa", > .test = alg_test_akcipher, > - .fips_allowed = 1, > .suite = { > .akcipher = __VECS(rsa_tv_template) > } > -- > Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt > -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.