[Swan-dev] libreswan_fipsmode and friends

D. Hugh Redelmeier hugh at mimosa.com
Tue Jan 13 07:48:45 EET 2015


[I'm looking at commits.  I'm way back at
89a53ad703321d34d2cf74c5102a0c8e26503838]

I don't really understand the combinatorics of these.

First approximation:
	fipsmode = fipsproduct & fips_kernel

except each is a 3-state value: yes, no, unknown.  I think that
"unknown" might mean "system broken".

So what should the value computed for fipsmode be?

Currently:

unknown & anything => unknown
anything & unknown => unknown

yes & yes => yes

no & no => no
no & yes => no
yes & no => no

This is kind of min(a, b) if unknown < no < yes.  But the current
representation doesn't co-operate.  I can think of this as:
- < means "worse than"
- and "min" means "worser of the two".

Also: when "unknown" is discovered, it is logged one or more times.
Always in the libreswan_fips* function and sometimes in the caller.
And they get called multiple times during a run.

- is multiple logging sensible?

- are the values likely to change during a run?  If not, they should
  be computed once.

- is this algebra correct?

It feels like an enum might be a clearer representation than a signed integer.

I think that these are only used in pluto so they should be migrated
from libswan.

There's a lot more in this commit that I haven't yet understood.
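
The min() reading of the truth table above, with unknown < no < yes, written as an enum and computed once per run with a single log line. This is an added example, not part of the original message and not libreswan's code; the enum, the function names and the probe stubs are hypothetical, and the sample probe values are constructed.

```c
#include <stdio.h>

/* Hypothetical names; ordered so that "worse" compares lower: unknown < no < yes. */
enum fips_status { FIPS_UNKNOWN = 0, FIPS_NO = 1, FIPS_YES = 2 };

/* "Worser of the two": min() under the ordering above. */
static enum fips_status fips_combine(enum fips_status a, enum fips_status b)
{
	return a < b ? a : b;
}

/* Constructed stand-ins for the real product and kernel probes. */
static enum fips_status sample_product = FIPS_YES;
static enum fips_status sample_kernel = FIPS_UNKNOWN;
static int probe_calls, unknown_logs;

static enum fips_status probe_product(void) { probe_calls++; return sample_product; }
static enum fips_status probe_kernel(void) { probe_calls++; return sample_kernel; }

/* Compute once per run, log "unknown" once, return the cached value afterwards. */
static enum fips_status fips_mode(void)
{
	static int cached;
	static enum fips_status mode;

	if (!cached) {
		mode = fips_combine(probe_product(), probe_kernel());
		if (mode == FIPS_UNKNOWN) {
			unknown_logs++;
			fprintf(stderr, "FIPS mode could not be determined\n");
		}
		cached = 1;
	}
	return mode;
}

int main(void)
{
	static const char *const name[] = { "unknown", "no", "yes" };
	for (int a = FIPS_UNKNOWN; a <= FIPS_YES; a++)
		for (int b = FIPS_UNKNOWN; b <= FIPS_YES; b++)
			printf("%-7s & %-7s => %s\n", name[a], name[b],
			       name[fips_combine((enum fips_status)a, (enum fips_status)b)]);
	fips_mode();
	fips_mode();	/* second call hits the cache: no new probes, no new log line */
	printf("probes=%d unknown_logs=%d\n", probe_calls, unknown_logs);
	return 0;
}
```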

