authorNeil Horman <nhorman@tuxdriver.com>2008-10-12 14:36:51 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2008-12-25 01:01:14 +0100
commitd12d6b6d37cad766b390467e770eb0ab81345d78 (patch)
tree368790705e820e98af39430eb622786ee31c681e
parentcrypto: talitos - Perform auth check in h/w if on sec 2.1 and above (diff)
crypto: testmgr - Trigger a panic when self test fails in FIPS mode
The FIPS specification requires that should self test for any supported crypto algorithm fail during operation in fips mode, we need to prevent the use of any crypto functionality until such time as the system can be re-initialized. Seems like the best way to handle that would be to panic the system if we were in fips mode and failed a self test. This patch implements that functionality. I've built and run it successfully. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/testmgr.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b828c6cf1b1d..308d9cffdc46 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1801,6 +1801,7 @@ static int alg_find_test(const char *alg)
int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
{
int i;
+ int rc;
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
char nalg[CRYPTO_MAX_ALG_NAME];
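Review bot: The single-block cipher branch that opens here at `if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER)` sits ahead of the `fips_enabled && rc` check added in the second hunk, and its body continues outside this hunk. If that branch returns its test result directly, as the pre-patch tail of `alg_test` did, a failed cipher self-test in FIPS mode would return an error to the caller without panicking. Consider storing that result in `rc` and jumping to a shared label placed just before the check (for example `goto test_done;`), so both paths enforce the same policy. Separately, the check treats every non-zero `rc` as a self-test failure; a comment such as `/* FIPS: any error from the test routine, including setup failures, halts the system */` would make that intent explicit.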
@@ -1820,8 +1821,12 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (i < 0)
goto notest;
- return alg_test_descs[i].test(alg_test_descs + i, driver,
+ rc = alg_test_descs[i].test(alg_test_descs + i, driver,
type, mask);
+ if (fips_enabled && rc)
+ panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
+
+ return rc;
notest:
printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);