diff options
| author | Jarod Wilson <jarod@redhat.com> | 2009-05-27 15:10:21 +1000 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2009-06-02 14:04:57 +1000 |
| commit | 609c8a2babaf3e3d739755a156eb7248d56171d9 (patch) | |
| tree | 3108947574b2d5b7270d4310d1db03414b0b58ca /crypto/testmgr.c | |
| parent | ccfce74ffdd2e2f5905724dabce49d41672984ba (diff) | |
| download | linux-crypto-609c8a2babaf3e3d739755a156eb7248d56171d9.tar.gz linux-crypto-609c8a2babaf3e3d739755a156eb7248d56171d9.zip | |
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions