Project

General

Profile

Actions
Copy link

action #47279

closed

[sle][security][sle15sp1] Rename the value of 'SECURITY_TEST' variable and load subroutine name for FIPS

Added by whdu about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
whdu
Category:
-
Target version:
-
Start date:
2019-02-08
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

There are some chec_var condition code in load_security_tests in lib/main_comman.pm

...
elsif (check_var("SECURITY_TEST", "core")) {
    load_security_tests_core;
}
elsif (check_var("SECURITY_TEST", "web")) {
    load_security_tests_web;
}
elsif (check_var("SECURITY_TEST", "misc")) {
    load_security_tests_misc;
}
elsif (check_var("SECURITY_TEST", "crypt")) {
    load_security_tests_crypt;
}
...

In fact, they are all cryptographic/FIPS relevant testings which should be distinguished with other security test. I propose to change with:

...
elsif (check_var("SECURITY_TEST", "crypt_core")) {
    load_security_tests_crypt_core;
}
elsif (check_var("SECURITY_TEST", "crypt_web")) {
    load_security_tests_crypt_web;
}
elsif (check_var("SECURITY_TEST", "crypt_misc")) {
    load_security_tests_crypt_misc;
}
elsif (check_var("SECURITY_TEST", "crypt_tool")) {
    load_security_tests_crypt_crypt;
}
...

The call function name should also be changed accordingly, as well as the variables in testsuites.

We don't use fips in the name because to avoid confusing since openSUSE does NOT have FIPS mode. Some tests are valid only for FIPS Regression testing. Use "FIPS_ENABLED" to control whether to run these "FIPS only" cases.

Use 'crypt' in the name because all of these tests (FIPS modules) are relevant to the encrypt/decrypt function.

Actions
Copy link

Also available in: Atom PDF