lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Sep 2008 15:27:27 -0400
From:	Neil Horman <nhorman@...driver.com>
To:	linux-crypto@...r.kernel.org
Cc:	herbert@...dor.apana.org.au, davem@...emloft.net,
	nhorman@...driver.com, linux-kernel@...r.kernel.org
Subject: [PATCH] trigger a panic when operating in FIPS mode and a crypto
	self test fails.

Hey all-
	The FIPS specification requires that should self test for any supported
crypto algorithm fail during operation in fips mode, we need to prevent the use
of any crypto functionality until such time as the system can be re-initialized.
Seems like the best way to handle that would be to panic the system if we were
in fips mode and failed a self test.  This patch implements that functionality.
I've built and run it successfully with and 

Regards
Neil

Signed-off-by: Neil Horman <nhorman@...driver.com>


 testmgr.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b828c6c..a55cd14 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1801,6 +1801,7 @@ static int alg_find_test(const char *alg)
 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
 {
 	int i;
+	int rc;
 
 	if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
 		char nalg[CRYPTO_MAX_ALG_NAME];
@@ -1820,8 +1821,12 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
 	if (i < 0)
 		goto notest;
 
-	return alg_test_descs[i].test(alg_test_descs + i, driver,
+	rc = alg_test_descs[i].test(alg_test_descs + i, driver,
 				      type, mask);
+	if (fips_enabled && rc)
+		panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
+
+	return rc;
 
 notest:
 	printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
-- 
/****************************************************
 * Neil Horman <nhorman@...driver.com>
 * Software Engineer, Red Hat
 ****************************************************/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ