authorNeil Horman <nhorman@tuxdriver.com>2008-10-12 08:36:51 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2008-12-24 19:01:14 -0500
commitd12d6b6d37cad766b390467e770eb0ab81345d78 (patch)
tree368790705e820e98af39430eb622786ee31c681e
parentfe5720e2b7c1e8ff95d4bf18329517cf64ad1d70 (diff)
crypto: testmgr - Trigger a panic when self test fails in FIPS mode
The FIPS specification requires that, should the self test for any supported crypto algorithm fail during operation in fips mode, we prevent the use of any crypto functionality until such time as the system can be re-initialized. It seems the best way to handle that is to panic the system if we are in fips mode and fail a self test. This patch implements that functionality. I've built and run it successfully. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/testmgr.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b828c6cf1b1d..308d9cffdc46 100644
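--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1801,6 +1801,7 @@ static int alg_find_test(const char *alg)
 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
 {
  int i;
+ int rc;
 
  if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
  char nalg[CRYPTO_MAX_ALG_NAME];
@@ -1820,8 +1821,12 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
  if (i < 0)
  goto notest;
 
- return alg_test_descs[i].test(alg_test_descs + i, driver,
+ rc = alg_test_descs[i].test(alg_test_descs + i, driver,
  type, mask);
+ if (fips_enabled && rc)
+ panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
+
+ return rc;
 
 notest:
  printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);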
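Review bot: The `notest:` path at the end of the second hunk never reaches the new `fips_enabled && rc` check, so in FIPS mode an algorithm with no entry in `alg_test_descs` is only logged at KERN_INFO. What the function returns after the printk is outside the hunk, but if it is success, an algorithm that was never self-tested stays usable. Consider failing that path when FIPS mode is on, for example `if (fips_enabled) return -EINVAL;` after the printk, or state in a comment why untested algorithms are acceptable there. The `CRYPTO_ALG_TYPE_CIPHER` branch opened in the first hunk is also cut off; if it returns its test result directly it bypasses the panic too, and should assign `rc` and fall through to the same check. A short comment above the panic, such as `/* FIPS: a failed self test must block all crypto use until re-init */`, would record why a test failure is fatal.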