Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 549

kernel-2.6.18-238.el5.src.rpm

From: Jarod Wilson <jarod@redhat.com>
Date: Tue, 12 May 2009 11:41:41 -0400
Subject: [crypto] mark algs allowed in fips mode
Message-id: 200905121141.41718.jarod@redhat.com
O-Subject: [RHEL5.4 PATCH 1/3] crypto: mark algs allowed in fips mode
Bugzilla: 499646
RH-Acked-by: Neil Horman <nhorman@redhat.com>

On Tuesday 12 May 2009 11:37:56 Jarod Wilson wrote:
> Bugzilla #499646: [FIPS140-2] add parameter to tcrypt self test module
> to only allow testing of approved supported algorithms
> https://bugzilla.redhat.com/show_bug.cgi?id=499646

Mark the algorithms that are allowed in fips mode.

Note that des and crc32 aren't actually approved algs, but are both
required for proper functionality of the system, and thus have to
be allowed as well. crc32 is used by a number of drivers for basic
integrity checks and blocking des would also prevent the approved
des3_ede from being used, due to the way their shared driver is
initialized.

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index f22fe86..38a238f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -93,6 +93,7 @@ struct alg_test_desc {
 	const char *alg;
 	int (*test)(const struct alg_test_desc *desc, const char *driver,
 		    u32 type, u32 mask);
+	int fips_allowed;	/* set if alg is allowed in fips mode */
 
 	union {
 		struct aead_test_suite aead;
@@ -1026,6 +1027,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	{
 		.alg = "ansi_cprng",
 		.test = alg_test_cprng,
+		.fips_allowed = 1,
 		.suite = {
 			.cprng = {
 				.vecs = ansi_cprng_aes_tv_template,
@@ -1035,6 +1037,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "cbc(aes)",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1095,6 +1098,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "cbc(des3_ede)",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1125,6 +1129,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ccm(aes)",
 		.test = alg_test_aead,
+		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
@@ -1140,6 +1145,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ctr(aes)",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1155,6 +1161,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ecb(aes)",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1245,6 +1252,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ecb(des)",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1260,6 +1268,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ecb(des3_ede)",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1389,6 +1398,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "hmac(sha1)",
 		.test = alg_test_hash,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = hmac_sha1_tv_template,
@@ -1398,6 +1408,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "hmac(sha256)",
 		.test = alg_test_hash,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = hmac_sha256_tv_template,
@@ -1407,6 +1418,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "hmac(sha384)",
 		.test = alg_test_hash,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = hmac_sha384_tv_template,
@@ -1416,6 +1428,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "hmac(sha512)",
 		.test = alg_test_hash,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = hmac_sha512_tv_template,
@@ -1425,6 +1438,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "rfc3686(ctr(aes))",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1440,6 +1454,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "rfc4309(ccm(aes))",
 		.test = alg_test_aead,
+		.fips_allowed = 1,
 		.suite = {
 			.aead = {
 				.enc = {
diff --git a/crypto/testmgr_digest.c b/crypto/testmgr_digest.c
index 38b0516..2a94541 100644
--- a/crypto/testmgr_digest.c
+++ b/crypto/testmgr_digest.c
@@ -49,6 +49,7 @@ struct alg_test_desc {
 	const char *alg;
 	int (*test)(const struct alg_test_desc *desc, const char *driver,
 		    u32 type, u32 mask);
+	int fips_allowed;	/* set if alg is allowed in fips mode */
 
 	union {
 		struct hash_test_suite hash;
@@ -184,6 +185,7 @@ static const struct alg_test_desc digest_test_descs[] = {
 	}, {
 		.alg = "sha1",
 		.test = alg_test_digest,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = sha1_tv_template,
@@ -193,6 +195,7 @@ static const struct alg_test_desc digest_test_descs[] = {
 	}, {
 		.alg = "sha256",
 		.test = alg_test_digest,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = sha256_tv_template,
@@ -202,6 +205,7 @@ static const struct alg_test_desc digest_test_descs[] = {
 	}, {
 		.alg = "sha384",
 		.test = alg_test_digest,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = sha384_tv_template,
@@ -211,6 +215,7 @@ static const struct alg_test_desc digest_test_descs[] = {
 	}, {
 		.alg = "sha512",
 		.test = alg_test_digest,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = sha512_tv_template,

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional