On Tue, Apr 28, 2009 at 09:21:35PM -0400, Jarod Wilson wrote:
> According to our FIPS CAVS testing lab guru, when we're in fips mode,
> we *must* print out notices of successful self-test completion for
> every alg to be compliant.
>
> Dependent on patch 'crypto: catch base cipher self-test failures in
> fips mode', which adds the test_done label.
>
> Signed-off-by: Jarod Wilson <jarod@xxxxxxxxxx>
>
> ---
> crypto/testmgr.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index 39ffa69..d0cc85c 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -2149,6 +2149,10 @@ notest:
> test_done:
> if (fips_enabled && rc)
> panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
> + /* fips mode requires we print out self-test success notices */
> + if (fips_enabled && !rc && strncmp(alg, "ctr(aes", 7))
> + printk(KERN_INFO "alg: self-tests for %s (%s) passed\n",
> + driver, alg);
> return rc;
> }
> EXPORT_SYMBOL_GPL(alg_test);
>
> --
> Jarod Wilson
> jarod@xxxxxxxxxx
>
Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
