diff options
author | Milan Broz <mbroz@redhat.com> | 2012-06-29 22:08:09 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2012-07-11 11:06:15 +0800 |
commit | 6c79294f44fd7d1122cbaabff3b9815b074c0dd0 (patch) | |
tree | f9572a8056ab494a6191ea4bb8d53593feb9119c /crypto/testmgr.c | |
parent | b329669ea0b5b02efd41f94372bcf0e988814af4 (diff) | |
download | lwn-6c79294f44fd7d1122cbaabff3b9815b074c0dd0.tar.gz lwn-6c79294f44fd7d1122cbaabff3b9815b074c0dd0.zip |
crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode
Patch 863b557a88f8c033f7419fabafef4712a5055f85 added NULL entries
for intel accelerated drivers but did not marked these fips allowed.
This cause panic if running tests with fips=1.
For ghash, fips_allowed flag was added in patch
18c0ebd2d8194cce4b3f67e2903fa01bea892cbc.
Without patch, "modprobe tcrypt" fails with
alg: skcipher: Failed to load transform for cbc-aes-aesni: -2
cbc-aes-aesni: cbc(aes) alg self test failed in fips mode!
(panic)
Also add missing cryptd(__driver-cbc-aes-aesni) and
cryptd(__driver-gcm-aes-aesni) test to complement
null tests above, otherwise system complains with
alg: No test for __cbc-aes-aesni (cryptd(__driver-cbc-aes-aesni))
alg: No test for __gcm-aes-aesni (cryptd(__driver-gcm-aes-aesni))
Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
-rw-r--r-- | crypto/testmgr.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 36748a5996e2..4308a11f129c 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1581,6 +1581,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-cbc-aes-aesni", .test = alg_test_null, + .fips_allowed = 1, .suite = { .cipher = { .enc = { @@ -1641,6 +1642,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-ecb-aes-aesni", .test = alg_test_null, + .fips_allowed = 1, .suite = { .cipher = { .enc = { @@ -1701,6 +1703,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__ghash-pclmulqdqni", .test = alg_test_null, + .fips_allowed = 1, .suite = { .hash = { .vecs = NULL, @@ -1866,8 +1869,25 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { + .alg = "cryptd(__driver-cbc-aes-aesni)", + .test = alg_test_null, + .fips_allowed = 1, + .suite = { + .cipher = { + .enc = { + .vecs = NULL, + .count = 0 + }, + .dec = { + .vecs = NULL, + .count = 0 + } + } + } + }, { .alg = "cryptd(__driver-ecb-aes-aesni)", .test = alg_test_null, + .fips_allowed = 1, .suite = { .cipher = { .enc = { @@ -1926,8 +1946,25 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { + .alg = "cryptd(__driver-gcm-aes-aesni)", + .test = alg_test_null, + .fips_allowed = 1, + .suite = { + .cipher = { + .enc = { + .vecs = NULL, + .count = 0 + }, + .dec = { + .vecs = NULL, + .count = 0 + } + } + } + }, { .alg = "cryptd(__ghash-pclmulqdqni)", .test = alg_test_null, + .fips_allowed = 1, .suite = { .hash = { .vecs = NULL, @@ -2043,6 +2080,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ecb(__aes-aesni)", .test = alg_test_null, + .fips_allowed = 1, .suite = { .cipher = { .enc = { |