[Swan-dev] libreswan_fipsmode and friends
D. Hugh Redelmeier
hugh at mimosa.com
Tue Jan 13 07:48:45 EET 2015
[I'm looking at commits. I'm way back at
89a53ad703321d34d2cf74c5102a0c8e26503838]
I don't really understand the combinatorics of these.
First approximation:
fipsmode = fipsproduct & fips_kernel
except each is a 3-state value: yes, no, unknown. I think that
"unknown" might mean "system broken".
So what should the value computed for fipsmode be?
Currently:
unknown & anything => unknown
anything & unknown => unknown
yes & yes => yes
no & no => no
no & yes => no
yes & no => no
This is kind of min(a, b) if unknown < no < yes. But the current
representation doesn't co-operate. I can think of this as:
- < means "worse than"
- and "min" means "worser of the two".
Also: when "unknown" is discovered, it is logged one or more times.
Always in the libreswan_fips* function and sometimes in the caller.
And they get called multiple times during a run.
- is multiple logging sensible?
- are the values likely to change during a run? If not, they should
be computed once.
- is this algebra correct?
It feels like an enum might be a clearer representation than a signed integer.
I think that these are only used in pluto so they should be migrated
from libswan.
There's a lot more in this commit that I haven't yet understood.
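
The algebra asked about above, as an added example (not part of the original message and not libreswan's code): an enum declared in the order unknown < no < yes, the combination as min, an exhaustive check of min against the six listed rules, and a mode that is computed and logged once per run. All identifiers and the probe results are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Hypothetical names. Declaration order encodes "worse than": unknown < no < yes. */
typedef enum { FIPS_UNKNOWN, FIPS_NO, FIPS_YES } fips_t;

/* "Worser of the two": min under the ordering above. */
static fips_t fips_and(fips_t a, fips_t b) { return a < b ? a : b; }

/* The six rules from the message, written out case by case as a reference. */
static fips_t fips_and_table(fips_t a, fips_t b)
{
	if (a == FIPS_UNKNOWN || b == FIPS_UNKNOWN) return FIPS_UNKNOWN;
	return (a == FIPS_YES && b == FIPS_YES) ? FIPS_YES : FIPS_NO;
}

/* Count input pairs (out of 9) where min and the table disagree. */
static int fips_and_mismatches(void)
{
	int bad = 0;
	for (int a = FIPS_UNKNOWN; a <= FIPS_YES; a++)
		for (int b = FIPS_UNKNOWN; b <= FIPS_YES; b++)
			bad += fips_and(a, b) != fips_and_table(a, b);
	return bad;
}

/* Constructed probe results standing in for the real product/kernel checks. */
static fips_t probe_product(void) { return FIPS_YES; }
static fips_t probe_kernel(void) { return FIPS_UNKNOWN; }
static int fips_log_count; /* how many times "unknown" was logged */

/* Compute once per run; log "unknown" once, here, not in every caller. */
static fips_t fips_mode(void)
{
	static int cached;
	static fips_t mode;
	if (!cached) {
		cached = 1;
		mode = fips_and(probe_product(), probe_kernel());
		if (mode == FIPS_UNKNOWN)
			fprintf(stderr, "FIPS mode could not be determined (log #%d)\n", ++fips_log_count);
	}
	return mode;
}

int main(void)
{
	printf("mismatches=%d mode=%d\n", fips_and_mismatches(), fips_mode());
	return 0;
}
```

Zero mismatches means min over this ordering reproduces the listed rules for all nine input pairs, so the enum's declaration order is the only place the "worse than" relation has to be stated.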