From: Krzysztof Halasa <khc@pm.waw.pl>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: Crypto test results unused?
Date: Tue, 12 Jan 2010 18:55:07 +0100 [thread overview]
Message-ID: <m37hrn1a4k.fsf@intrepid.localdomain> (raw)
In-Reply-To: <20100112111439.GA31504@gondor.apana.org.au> (Herbert Xu's message of "Tue, 12 Jan 2010 22:14:39 +1100")
Herbert Xu <herbert@gondor.apana.org.au> writes:
>> On little-endian IXP4xx 3 hardware-assisted algorithms fail (due to
>> apparently unrelated bug which I will take care of). It seems the kernel
>> is still using these failing algorithms (my debugging code adds extra
>> fields to the /proc output):
>
> How did you determine that it was still being used? When a kernel
> user requests for an algorithm the system is supposed to skip
> anything which failed the self-test.
cat /proc/crypto shows "selftest: unknown" for those failed tests. I
don't know if that means it's used, but I'd expect "failed" or something
like that. Maybe it's simply a problem in /proc/crypto output.
> CRYPTO_ALG_DEAD is used to mark algorithms deleted from the
> system. However, we don't delete algorithms just because they
> fail the self-test. They remain in the system so you can come
> back and diagnose the problem. They just aren't used by anyone.
Great.
Currently the /proc/crypto contains:
- for passed tests: "selftest: passed" (which is of course right)
- for failed tests: "selftest: unknown" (which is a surprise for me):
alg: skcipher: Test 1 failed on encryption for ecb(des)-ixp4xx
00000000: 01 23 45 67 89 ab cd e7
name : ecb(des)
driver : ecb(des)-ixp4xx
module : ixp4xx_crypto
priority : 300
refcnt : 1
selftest : unknown
type : ablkcipher
async : yes
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 0
geniv : <default>
- for routines without a test: "selftest: passed" (which isn't true
either)
alg: No test for authenc(hmac(md5),cbc(des)) (authenc(hmac(md5),cbc(des))-ixp4xx)
name : authenc(hmac(md5),cbc(des))
driver : authenc(hmac(md5),cbc(des))-ixp4xx
module : ixp4xx_crypto
priority : 300
refcnt : 1
selftest : passed
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 16
geniv : <built-in>
I think we need a way to differentiate between "really unknown" and
"failed", do we need another flag for it?
--
Krzysztof Halasa
next prev parent reply other threads:[~2010-01-12 17:55 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-28 18:12 Crypto test results unused? Krzysztof Halasa
2009-12-28 19:44 ` Krzysztof Halasa
2009-12-28 20:14 ` Krzysztof Halasa
2010-01-12 11:14 ` Herbert Xu
2010-01-12 17:55 ` Krzysztof Halasa [this message]
2010-01-12 22:44 ` Herbert Xu
2010-01-13 15:07 ` Krzysztof Halasa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m37hrn1a4k.fsf@intrepid.localdomain \
--to=khc@pm.waw.pl \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox