Re: [PATCH 0/2] crypto: disallow non-approved algs in fips mode

[Jarod Wilson]

On Thursday 07 May 2009 14:41:26 Jarod Wilson wrote:
> At present, nothing is preventing the use of non-approved algorithms
> in fips mode. I was initially working on a patch to make it easier
> for all fips-approved algs to be tested using tcrypt, and realized
> the changes I was making could also be used to prevent non-approved
> algs in fips mode. Any approved alg *must* have self-tests, and thus
> have an entry in testmgr.c's alg_test_descs[]. By adding a fips flag
> to these entries, we can simply reject all algs that don't have this
> flag when in fips mode by skipping their self-tests and returning
> an -EINVAL to prevent them from being loaded. So with this change, I
> can
> 
> 1) 'modprobe tcrypt' and have all fips approved algs self-tested, and
>    *only* fips approved algs tested
> 
> 2) 'modprobe md4' for example, and in fips mode, have the module load
>    rejected as invalid

Hrm. Minor correction... Only seeing module loads rejected as invalid
when patching this into a Red Hat Enterprise Linux 5.x kernel. With the
cryptodev tree, we do skip non-allowed algs as intended, but loading
modules for non-allowed algs still works...

-- 
Jarod Wilson
jarod@xxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/