On 05/07/2009 10:12 PM, Herbert Xu wrote:
> On Thu, May 07, 2009 at 03:27:59PM -0400, Jarod Wilson wrote:
>> Because all fips-allowed algorithms must be self-tested before they
>> can be used, they will all have entries in testmgr.c's alg_test_descs[].
>> If we add and set an additional flag for the allowed algorithms, we can
>> key off of it to prevent use of any algs that aren't allowed.
>>
>> Signed-off-by: Jarod Wilson <jarod@xxxxxxxxxx>
>>
>> ---
>> crypto/testmgr.c | 9 +++++++++
>> 1 files changed, 9 insertions(+), 0 deletions(-)
>>
>> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
>> index f4cc178..232f043 100644
>> --- a/crypto/testmgr.c
>> +++ b/crypto/testmgr.c
>> @@ -94,6 +94,7 @@ struct alg_test_desc {
>> const char *alg;
>> int (*test)(const struct alg_test_desc *desc, const char *driver,
>> u32 type, u32 mask);
>> + int fips_allowed; /* set if alg is allowed in fips mode */
>>
>> union {
>> struct aead_test_suite aead;
>
> Please merge this chunk with the second patch into one and have
> it as the first patch. We want this to be bisectable.
D'oh. I actually was attempting to make it bisectable, but now I see
that w/fips mode enabled, you wouldn't be able to use any algs with
them split this way if you landed between 'em. I'll repost shortly.
--
Jarod Wilson
jarod@xxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
