Re: ELIBBAD vs. ENOENT for ciphers not allowed by FIPS


 



On Wed, Dec 22, 2021 at 08:11:07PM +0100, Petr Vorel wrote:
> Hi Herbert,
> 
> do I understand the crypto code correctly, that although crypto/testmgr.c in
> alg_test() returns -EINVAL for non-fips allowed algorithms (that means
> failing crypto API test) the API in crypto_alg_lookup() returns -ELIBBAD for
> failed test?
> 
> Why ELIBBAD and not ENOENT like for missing ciphers? To distinguish between
> missing cipher and disabled one due to FIPS?

Correct.  ELIBBAD is returned for a failed self-test while ENOENT
means that there is no algorithm at all.

This matters if there is more than one provider of the same algorithm.
In that case ELIBBAD would only be returned if all failed the self-test.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
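
The distinction described in this reply can be observed from user space. The following is an added example, not part of the original message or of the kernel source: it assumes the AF_ALG socket interface as the lookup path (the thread does not name one), and `probe_alg`, `classify_lookup_errno` and the `alg_state` enum are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

enum alg_state { ALG_USABLE, ALG_MISSING, ALG_SELFTEST_FAILED, ALG_PROBE_ERROR };

/* Map the errno of a failed lookup onto the distinction drawn in the thread. */
enum alg_state classify_lookup_errno(int err)
{
    switch (err) {
    case 0:       return ALG_USABLE;
    case ENOENT:  return ALG_MISSING;         /* no algorithm at all */
    case ELIBBAD: return ALG_SELFTEST_FAILED; /* all providers failed the self-test */
    default:      return ALG_PROBE_ERROR;     /* e.g. EAFNOSUPPORT, EPERM */
    }
}

/* Request an algorithm by binding an AF_ALG socket to it.
 * type is an AF_ALG type ("hash", "skcipher", ...); name is the algorithm.
 * Note: bind() also reports ENOENT when the AF_ALG type itself is unavailable. */
enum alg_state probe_alg(const char *type, const char *name)
{
    struct sockaddr_alg sa;
    int fd, err = 0;

    memset(&sa, 0, sizeof(sa));
    sa.salg_family = AF_ALG;
    strncpy((char *)sa.salg_type, type, sizeof(sa.salg_type) - 1);
    strncpy((char *)sa.salg_name, name, sizeof(sa.salg_name) - 1);

    fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (fd < 0)
        return ALG_PROBE_ERROR; /* AF_ALG unavailable; says nothing about the algorithm */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        err = errno;
    close(fd);
    return classify_lookup_errno(err);
}

int main(void)
{
    static const char *s[] = { "usable", "missing", "self-test failed", "probe error" };
    /* Constructed probes: one common hash, one name that does not exist. */
    printf("sha256: %s\n", s[probe_alg("hash", "sha256")]);
    printf("bogus:  %s\n", s[probe_alg("hash", "constructed-no-such-alg")]);
    return 0;
}
```

A test suite can use the third state to skip a case as "disabled by FIPS" instead of failing it as "algorithm missing".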


