On Wed, Jan 23, 2013 at 04:18:32PM +0100, Stephan Mueller wrote: > 3. in the cipher initialization code of the crypto API (i.e. the one > behind crypto_register_alg()), you check the signature check flag -- > panic the kernel when the flag shows that the signature check failed > > This way you limit the panic on signature checks in FIPS mode to the > crypto modules. >
I was hoping we could just do what we do for driver/staging and set a flag in modpost for crypto modules, but it looks like since we have crypto modules outside of crypto/ for things like aesni, that won't work. Maybe that is a better choice, but it seems like an awful kludge. --Kyle -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/