Hi, albeit it makes most sense to have asym self tests in the test manager as we do right now, may I suggest some changes to it as follows. The issue I see is that asym operations are very expensive. As we currently have RSA only, I can only refer to its implementation. But in general, all new-and-coming asym self tests should be assessed accordingly. May I suggest to do the following: - remove all self tests except the 2k tests. As the math works independent of the key size, testing one key size is sufficient to demonstrate that the math still works. - If we booted in FIPS mode, and we have PKCS#1 compiled, then: * do not execute the raw RSA self test mentioned above * perform an enc/dec test using the kernel crypto API with a 2k key * if the asym key API is compiled, add a self test for siggen/ver With this approach, I would see that we limit the impact of the self test to "normal" users as well as FIPS related use cases. If agreed, I could offer to implement the changes. Note, currently the self tests for RSA is not appropriate to allow the cipher in FIPS mode (i.e. the fips_allowed=1 flag is actually not correct in the current implementation). Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
