Re: ELIBBAD vs. ENOENT for ciphers not allowed by FIPS

On Thu, Dec 23, 2021 at 09:08:42AM +1100, Herbert Xu wrote:
> On Wed, Dec 22, 2021 at 08:11:07PM +0100, Petr Vorel wrote:
> > Hi Herbert,
> > 
> > do I understand the crypto code correctly, that although crypto/testmgr.c in
> > alg_test() returns -EINVAL for non-fips allowed algorithms (that means
> > failing crypto API test) the API in crypto_alg_lookup() returns -ELIBBAD for
> > failed test?
> > 
> > Why ELIBBAD and not ENOENT like for missing ciphers? To distinguish between
> > missing cipher and disabled one due to fips?
> 
> Correct.  ELIBBAD is returned for a failed self-test while ENOENT
> means that there is no algorithm at all.
> 
> This matters if there is more than one provider of the same algorithm.
> In that case ELIBBAD would only be returned if all failed the self-test.
> 

Isn't it just an implementation detail that !fips_allowed is handled by the
self-test?  Wouldn't it make more sense to report ENOENT for such algorithms?

- Eric
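
The distinction discussed in this thread, seen from user space, as an added example that is not part of the original messages or of the kernel or any test suite: it binds an AF_ALG socket to an algorithm name and classifies the errno. It assumes bind() on AF_ALG passes the crypto API lookup error (ENOENT or ELIBBAD) through unchanged; the function names, enum and sample algorithm names are constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/if_alg.h>

enum alg_status { ALG_USABLE, ALG_MISSING, ALG_REJECTED, ALG_UNKNOWN };

/* Map a lookup errno to the meaning given in the thread. */
enum alg_status classify_lookup_errno(int err)
{
    switch (err) {
    case 0:       return ALG_USABLE;
    case ENOENT:  return ALG_MISSING;   /* no algorithm at all */
    case ELIBBAD: return ALG_REJECTED;  /* all providers failed the self-test (covers !fips_allowed) */
    default:      return ALG_UNKNOWN;   /* e.g. EAFNOSUPPORT when AF_ALG is unavailable */
    }
}

/* Bind an AF_ALG socket to (type, name); return 0 or the errno observed.
 * Assumption: the crypto API lookup error reaches user space unchanged. */
int probe_alg_errno(const char *type, const char *name)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG };
    int fd, err = 0;
    if (strlen(type) >= sizeof(sa.salg_type) || strlen(name) >= sizeof(sa.salg_name))
        return ENAMETOOLONG;
    strcpy((char *)sa.salg_type, type);
    strcpy((char *)sa.salg_name, name);
    fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (fd < 0)
        return errno;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        err = errno;            /* save before close() can overwrite it */
    close(fd);
    return err;
}

int main(void)
{
    /* Constructed sample names; results depend on kernel config and FIPS mode. */
    static const char *const names[] = { "sha256", "md5", "no-such-hash" };
    static const char *const label[] = { "usable", "missing", "rejected (self-test/FIPS)", "unknown" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        int err = probe_alg_errno("hash", names[i]);
        printf("%-14s errno=%d -> %s\n", names[i], err, label[classify_lookup_errno(err)]);
    }
    return 0;
}
```

A caller that treats every bind() failure as "cipher not built" will misreport a FIPS-mode system; checking for ELIBBAD separately keeps "present but disabled" apart from "absent".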


