Re: [PATCH] crypto: Force panic on continuous CPRNG test failurewhen in FIPS mode

From: Herbert Xu
Date: Thu Feb 05 2009 - 00:02:15 EST


On Wed, Jan 28, 2009 at 07:58:48AM -0500, Neil Horman wrote:
>
> FIPS 140-2 specifies that all access to various cryptographic modules be
> prevented in the event that any of the provided self tests fail on the various
> implemented algorithms. We already panic when any of the test in testmgr.c
> fail when we are operating in fips mode. The continuous test in the cprng here
> was missed when that was implmented. This code simply checks for the
> fips_enabled flag if the test fails, and warns us via syslog or panics the box
> accordingly.
>
> Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx>

Patch applied. Thanks Neil.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/