Commit d12d6b6d · Author: Neil Horman · Committer: Herbert Xu

crypto: testmgr - Trigger a panic when self test fails in FIPS mode

The FIPS specification requires that should self test for any supported
crypto algorithm fail during operation in fips mode, we need to prevent
the use of any crypto functionality until such time as the system can
be re-initialized.  Seems like the best way to handle that would be
to panic the system if we were in fips mode and failed a self test.
This patch implements that functionality.  I've built and run it
successfully.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Parent fe5720e2
...@@ -1801,6 +1801,7 @@ static int alg_find_test(const char *alg) ...@@ -1801,6 +1801,7 @@ static int alg_find_test(const char *alg)
int alg_test(const char *driver, const char *alg, u32 type, u32 mask) int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
{ {
int i; int i;
int rc;
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
char nalg[CRYPTO_MAX_ALG_NAME]; char nalg[CRYPTO_MAX_ALG_NAME];
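Review bot: the CRYPTO_ALG_TYPE_CIPHER branch that opens right after the new `int rc;` is not touched by this patch, and its body is not shown in the hunk. If that branch returns its test result directly, a failed cipher self test would skip the `fips_enabled` check added further down; consider assigning the result to `rc` there as well and sharing a single exit path so both cases reach the panic.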
...@@ -1820,8 +1821,12 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) ...@@ -1820,8 +1821,12 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (i < 0) if (i < 0)
goto notest; goto notest;
return alg_test_descs[i].test(alg_test_descs + i, driver, rc = alg_test_descs[i].test(alg_test_descs + i, driver,
type, mask); type, mask);
if (fips_enabled && rc)
panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
return rc;
notest: notest:
printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
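Review bot: the `goto notest` taken when `i < 0` jumps past the new `if (fips_enabled && rc)` check, so in fips mode an algorithm with no test entry is only reported at KERN_INFO and never reaches the panic. Please state in a comment or in the commit message whether untested algorithms are meant to remain usable in fips mode, or handle that case at `notest:`. A short comment above the `panic()` naming the FIPS requirement would also help, since any non-zero `rc` from `.test()` now halts the machine.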
......