All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stephan Mueller <stephan.mueller@atsec.com>
To: herbert@gondor.apana.org.au
Cc: linux-crypto@vger.kernel.org
Subject: [RFC] revamp fips_allowed flag
Date: Thu, 15 Sep 2016 07:35:43 +0200	[thread overview]
Message-ID: <1818375.56xtGUSNII@tauon.atsec.com> (raw)

Hi Herbert,

The fips_allowed flag in testmgr.c shall prevent the use of "non-approved" 
ciphers in FIPS mode.

With the current code, the fips_allowed flag is bound to a name a specific 
cipher is referenced with. With the advent of more complex cipher string names 
that can be used (for example, consider names like 
"seqiv(rfc4106(gcm_base(ctr-aes-s390,ghash-generic)))", the authenc ciphers 
with the two components or even the recently added pkcspad1 algorithm), it 
seems that the approach in testmgr.c reached its limits. Lately more and more 
entries in the alg_test_descs array were added purely to have the fips_allowed 
flag set.

Wouldn't it be more prudent to move that flag into the crypto_alg and 
crypto_template data structures so that the flag is checked during the 
crypto_register_* functions? I.e. if the flag is not set and the FIPS mode is 
enabled, the cipher is simply not registered?

With that, suggestion, the fips_allowed flag is now decoupled from the cipher 
name. Complex cipher strings would now not be falsely treated as non-approved 
ciphers any more.

Ciao
Stephan
-- 
atsec information security GmbH, Steinstraße 70, 81667 München, Germany
P: +49 89 442 49 830 - F: +49 89 442 49 831
M: +49 172 216 55 78 - HRB: 129439 (Amtsgericht München)
US: +1 949 545 4096
GF: Salvatore la Pietra, Staffan Persson
atsec it security news blog - atsec-information-security.blogspot.com

             reply	other threads:[~2016-09-15  5:45 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-15  5:35 Stephan Mueller [this message]
2016-09-15  5:58 ` [RFC] revamp fips_allowed flag Herbert Xu
2016-09-15  6:23   ` Stephan Mueller
2016-09-15  6:26     ` Herbert Xu
2016-09-16  5:42       ` Stephan Mueller
2016-09-16  5:56         ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1818375.56xtGUSNII@tauon.atsec.com \
    --to=stephan.mueller@atsec.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.