diff options
author | Jarod Wilson <jarod@redhat.com> | 2009-05-27 07:10:21 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2009-06-02 06:04:57 +0200 |
commit | 4e033a6bc70f094d36128c328f6ca725c6ca4b4c (patch) | |
tree | e400f6b98c48b4ec935e41ab070c1efbabe71068 /kernel/audit_tree.c | |
parent | crypto: compress - Return produced bytes in crypto_{,de}compress_{update,final} (diff) | |
download | linux-4e033a6bc70f094d36128c328f6ca725c6ca4b4c.tar.xz linux-4e033a6bc70f094d36128c328f6ca725c6ca4b4c.zip |
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'kernel/audit_tree.c')
0 files changed, 0 insertions, 0 deletions