Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6c79294f authored by Milan Broz's avatar Milan Broz Committed by Herbert Xu
Browse files

crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode 



Patch 863b557a added NULL entries
for intel accelerated drivers but did not marked these fips allowed.
This cause panic if running tests with fips=1.

For ghash, fips_allowed flag was added in patch
18c0ebd2.

Without patch, "modprobe tcrypt" fails with
  alg: skcipher: Failed to load transform for cbc-aes-aesni: -2
  cbc-aes-aesni: cbc(aes) alg self test failed in fips mode!
  (panic)

Also add missing cryptd(__driver-cbc-aes-aesni) and
cryptd(__driver-gcm-aes-aesni) test to complement
null tests above, otherwise system complains with
  alg: No test for __cbc-aes-aesni (cryptd(__driver-cbc-aes-aesni))
  alg: No test for __gcm-aes-aesni (cryptd(__driver-gcm-aes-aesni))

Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
Signed-off-by: default avatarPaul Wouters <pwouters@redhat.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent b329669e

crypto/testmgr.c

+38 −0
Original line number Diff line number Diff line
@@ -1581,6 +1581,7 @@ static const struct alg_test_desc alg_test_descs[] = { 
	}, {

		.alg = "__driver-cbc-aes-aesni",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.cipher = {

				.enc = {
@@ -1641,6 +1642,7 @@ static const struct alg_test_desc alg_test_descs[] = { 
	}, {

		.alg = "__driver-ecb-aes-aesni",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.cipher = {

				.enc = {
@@ -1701,6 +1703,7 @@ static const struct alg_test_desc alg_test_descs[] = { 
	}, {

		.alg = "__ghash-pclmulqdqni",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.hash = {

				.vecs = NULL,
@@ -1865,9 +1868,26 @@ static const struct alg_test_desc alg_test_descs[] = { 
				.count = CRC32C_TEST_VECTORS

			}

		}

	}, {

		.alg = "cryptd(__driver-cbc-aes-aesni)",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.cipher = {

				.enc = {

					.vecs = NULL,

					.count = 0

				},

				.dec = {

					.vecs = NULL,

					.count = 0

				}

			}

		}

	}, {

		.alg = "cryptd(__driver-ecb-aes-aesni)",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.cipher = {

				.enc = {
@@ -1925,9 +1945,26 @@ static const struct alg_test_desc alg_test_descs[] = { 
				}

			}

		}

	}, {

		.alg = "cryptd(__driver-gcm-aes-aesni)",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.cipher = {

				.enc = {

					.vecs = NULL,

					.count = 0

				},

				.dec = {

					.vecs = NULL,

					.count = 0

				}

			}

		}

	}, {

		.alg = "cryptd(__ghash-pclmulqdqni)",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.hash = {

				.vecs = NULL,
@@ -2043,6 +2080,7 @@ static const struct alg_test_desc alg_test_descs[] = { 
	}, {

		.alg = "ecb(__aes-aesni)",

		.test = alg_test_null,

		.fips_allowed = 1,

		.suite = {

			.cipher = {

				.enc = {