From: Marcelo Cerri <marcelo.cerri@canonical.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH 10/16] crypto: testmgr - Do not test internal algorithms
Date: Thu, 10 Nov 2016 09:32:33 -0200 [thread overview]
Message-ID: <20161110113233.GE16556@gallifrey> (raw)
In-Reply-To: <E1c1iKm-0004DQ-A4@gondolin.me.apana.org.au>
[-- Attachment #1: Type: text/plain, Size: 9874 bytes --]
I tested this patch and it's working fine.
--
Regards,
Marcelo
On Wed, Nov 02, 2016 at 07:19:12AM +0800, Herbert Xu wrote:
> Currently we manually filter out internal algorithms using a list
> in testmgr. This is dangerous as internal algorithms cannot be
> safely used even by testmgr. This patch ensures that they're never
> processed by testmgr at all.
>
> This patch also removes an obsolete bypass for nivciphers which
> no longer exist.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> ---
>
> crypto/algboss.c | 8 --
> crypto/testmgr.c | 153 +++----------------------------------------------------
> 2 files changed, 11 insertions(+), 150 deletions(-)
>
> diff --git a/crypto/algboss.c b/crypto/algboss.c
> index 6e39d9c..ccb85e1 100644
> --- a/crypto/algboss.c
> +++ b/crypto/algboss.c
> @@ -247,12 +247,8 @@ static int cryptomgr_schedule_test(struct crypto_alg *alg)
> memcpy(param->alg, alg->cra_name, sizeof(param->alg));
> type = alg->cra_flags;
>
> - /* This piece of crap needs to disappear into per-type test hooks. */
> - if (!((type ^ CRYPTO_ALG_TYPE_BLKCIPHER) &
> - CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV) &&
> - ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
> - CRYPTO_ALG_TYPE_BLKCIPHER ? alg->cra_blkcipher.ivsize :
> - alg->cra_ablkcipher.ivsize))
> + /* Do not test internal algorithms. */
> + if (type & CRYPTO_ALG_INTERNAL)
> type |= CRYPTO_ALG_TESTED;
>
> param->type = type;
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index ded50b6..6ac4696 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -1625,7 +1625,7 @@ static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
> struct crypto_aead *tfm;
> int err = 0;
>
> - tfm = crypto_alloc_aead(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + tfm = crypto_alloc_aead(driver, type, mask);
> if (IS_ERR(tfm)) {
> printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
> "%ld\n", driver, PTR_ERR(tfm));
> @@ -1654,7 +1654,7 @@ static int alg_test_cipher(const struct alg_test_desc *desc,
> struct crypto_cipher *tfm;
> int err = 0;
>
> - tfm = crypto_alloc_cipher(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + tfm = crypto_alloc_cipher(driver, type, mask);
> if (IS_ERR(tfm)) {
> printk(KERN_ERR "alg: cipher: Failed to load transform for "
> "%s: %ld\n", driver, PTR_ERR(tfm));
> @@ -1683,7 +1683,7 @@ static int alg_test_skcipher(const struct alg_test_desc *desc,
> struct crypto_skcipher *tfm;
> int err = 0;
>
> - tfm = crypto_alloc_skcipher(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + tfm = crypto_alloc_skcipher(driver, type, mask);
> if (IS_ERR(tfm)) {
> printk(KERN_ERR "alg: skcipher: Failed to load transform for "
> "%s: %ld\n", driver, PTR_ERR(tfm));
> @@ -1750,7 +1750,7 @@ static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
> struct crypto_ahash *tfm;
> int err;
>
> - tfm = crypto_alloc_ahash(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + tfm = crypto_alloc_ahash(driver, type, mask);
> if (IS_ERR(tfm)) {
> printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
> "%ld\n", driver, PTR_ERR(tfm));
> @@ -1778,7 +1778,7 @@ static int alg_test_crc32c(const struct alg_test_desc *desc,
> if (err)
> goto out;
>
> - tfm = crypto_alloc_shash(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + tfm = crypto_alloc_shash(driver, type, mask);
> if (IS_ERR(tfm)) {
> printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
> "%ld\n", driver, PTR_ERR(tfm));
> @@ -1820,7 +1820,7 @@ static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
> struct crypto_rng *rng;
> int err;
>
> - rng = crypto_alloc_rng(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + rng = crypto_alloc_rng(driver, type, mask);
> if (IS_ERR(rng)) {
> printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
> "%ld\n", driver, PTR_ERR(rng));
> @@ -1847,7 +1847,7 @@ static int drbg_cavs_test(struct drbg_testvec *test, int pr,
> if (!buf)
> return -ENOMEM;
>
> - drng = crypto_alloc_rng(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + drng = crypto_alloc_rng(driver, type, mask);
> if (IS_ERR(drng)) {
> printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
> "%s\n", driver);
> @@ -2041,7 +2041,7 @@ static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
> struct crypto_kpp *tfm;
> int err = 0;
>
> - tfm = crypto_alloc_kpp(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + tfm = crypto_alloc_kpp(driver, type, mask);
> if (IS_ERR(tfm)) {
> pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
> driver, PTR_ERR(tfm));
> @@ -2200,7 +2200,7 @@ static int alg_test_akcipher(const struct alg_test_desc *desc,
> struct crypto_akcipher *tfm;
> int err = 0;
>
> - tfm = crypto_alloc_akcipher(driver, type | CRYPTO_ALG_INTERNAL, mask);
> + tfm = crypto_alloc_akcipher(driver, type, mask);
> if (IS_ERR(tfm)) {
> pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
> driver, PTR_ERR(tfm));
> @@ -2223,88 +2223,6 @@ static int alg_test_null(const struct alg_test_desc *desc,
> /* Please keep this list sorted by algorithm name. */
> static const struct alg_test_desc alg_test_descs[] = {
> {
> - .alg = "__cbc-cast5-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__cbc-cast6-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__cbc-serpent-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__cbc-serpent-avx2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__cbc-serpent-sse2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__cbc-twofish-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-aes-aesni",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> - .alg = "__driver-cbc-camellia-aesni",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-camellia-aesni-avx2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-cast5-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-cast6-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-serpent-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-serpent-avx2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-serpent-sse2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-cbc-twofish-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-aes-aesni",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> - .alg = "__driver-ecb-camellia-aesni",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-camellia-aesni-avx2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-cast5-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-cast6-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-serpent-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-serpent-avx2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-serpent-sse2",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-ecb-twofish-avx",
> - .test = alg_test_null,
> - }, {
> - .alg = "__driver-gcm-aes-aesni",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> - .alg = "__ghash-pclmulqdqni",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> .alg = "ansi_cprng",
> .test = alg_test_cprng,
> .suite = {
> @@ -2791,55 +2709,6 @@ static int alg_test_null(const struct alg_test_desc *desc,
> }
> }
> }, {
> - .alg = "cryptd(__driver-cbc-aes-aesni)",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> - .alg = "cryptd(__driver-cbc-camellia-aesni)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-cbc-camellia-aesni-avx2)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-cbc-serpent-avx2)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-aes-aesni)",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> - .alg = "cryptd(__driver-ecb-camellia-aesni)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-camellia-aesni-avx2)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-cast5-avx)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-cast6-avx)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-serpent-avx)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-serpent-avx2)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-serpent-sse2)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-ecb-twofish-avx)",
> - .test = alg_test_null,
> - }, {
> - .alg = "cryptd(__driver-gcm-aes-aesni)",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> - .alg = "cryptd(__ghash-pclmulqdqni)",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> .alg = "ctr(aes)",
> .test = alg_test_skcipher,
> .fips_allowed = 1,
> @@ -3166,10 +3035,6 @@ static int alg_test_null(const struct alg_test_desc *desc,
> .fips_allowed = 1,
> .test = alg_test_null,
> }, {
> - .alg = "ecb(__aes-aesni)",
> - .test = alg_test_null,
> - .fips_allowed = 1,
> - }, {
> .alg = "ecb(aes)",
> .test = alg_test_skcipher,
> .fips_allowed = 1,
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
next prev parent reply other threads:[~2016-11-10 11:32 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-01 23:16 [PATCH 0/16] crypto: skcipher - skcipher algorithm conversion part 3 Herbert Xu
2016-11-01 23:19 ` [PATCH 1/16] crypto: skcipher - Add skcipher walk interface Herbert Xu
2016-11-02 20:54 ` Eric Biggers
2016-11-11 11:19 ` Herbert Xu
2016-11-01 23:19 ` [PATCH 2/16] crypto: aes-ce-ccm - Use " Herbert Xu
2016-11-01 23:19 ` [PATCH 3/16] crypto: lrw - Convert to skcipher Herbert Xu
2016-11-01 23:19 ` [PATCH 4/16] crypto: xts " Herbert Xu
2016-11-01 23:19 ` [PATCH 5/16] crypto: api - Do not clear type bits in crypto_larval_lookup Herbert Xu
2016-11-01 23:19 ` [PATCH 6/16] crypto: cryptd - Add support for skcipher Herbert Xu
2016-11-01 23:19 ` [PATCH 7/16] crypto: simd - Add simd skcipher helper Herbert Xu
2016-11-01 23:19 ` [PATCH 8/16] crypto: pcbc - Convert to skcipher Herbert Xu
2016-11-01 23:19 ` [PATCH 9/16] crypto: glue_helper - Add skcipher xts helpers Herbert Xu
2016-11-01 23:19 ` [PATCH 10/16] crypto: testmgr - Do not test internal algorithms Herbert Xu
2016-11-10 11:32 ` Marcelo Cerri [this message]
2016-11-01 23:19 ` [PATCH 11/16] crypto: aesni - Convert to skcipher Herbert Xu
2016-11-01 23:19 ` [PATCH 12/16] crypto: arm64/aes " Herbert Xu
2016-11-01 23:19 ` [PATCH 13/16] crypto: aes-ce " Herbert Xu
2016-11-01 23:19 ` [PATCH 14/16] crypto: cbc " Herbert Xu
2016-11-01 23:19 ` [PATCH 15/16] crypto: cbc - Export CBC implementation Herbert Xu
2016-11-01 23:19 ` [PATCH 16/16] crypto: aesbs - Convert to skcipher Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161110113233.GE16556@gallifrey \
--to=marcelo.cerri@canonical.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.