Re: [RFC PATCH] fips: check whether a module registering an alg ortemplate is signed

[Kyle McMartin]

On Wed, Feb 06, 2013 at 06:45:45PM +0100, Stephan Mueller wrote:
> Unfortunately there has already something terrible happened: an
> additional piece of code loaded into the FIPS 140-2 module could not be
> loaded because a self test failed. This is a terrible accident in FIPS
> 140-2 speak. :-)
> 
> That means, the FIPS 140-2 module, aka kernel crypto API must become
> unavailable. As one self test failed, the entire module must become
> unavailable.
> 
> I am sorry, but there is no way around it. Just to quote the relevant
> part from the FIPS 140-2 specification, section 4.9:
> 
> If a cryptographic module fails a self-test, the module shall enter an
> error state and output an error indicator
> via the status output interface. The cryptographic module shall not
> perform any cryptographic operations
> while in an error state. All data output via the data output interface
> shall be inhibited when an error state
> exists.
> 

OK. If Herbert and Rusty are ok with this, I'll send an additional patch
moving the panic which should satisfy this requirement.

> 
> ==> the signature test we are discussing here is one of these self
> tests, in particular a conditional self test defined in section 4.9.2 of
> the FIPS 140-2 standard.
> 
> > necessary, I just didn't think it was. If Herbert doesn't object to this
> > patch, I'd move the panic from kernel/module.c to here.
> 
> I am perfectly happy with the move of the code.
> 

regards, Kyle
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/