Re: [PATCH 10/16] crypto: testmgr - Do not test internal algorithms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I tested this patch and it's working fine.

-- 
Regards,
Marcelo

On Wed, Nov 02, 2016 at 07:19:12AM +0800, Herbert Xu wrote:
> Currently we manually filter out internal algorithms using a list
> in testmgr.  This is dangerous as internal algorithms cannot be
> safely used even by testmgr.  This patch ensures that they're never
> processed by testmgr at all.
> 
> This patch also removes an obsolete bypass for nivciphers which
> no longer exist.
> 
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> ---
> 
>  crypto/algboss.c |    8 --
>  crypto/testmgr.c |  153 +++----------------------------------------------------
>  2 files changed, 11 insertions(+), 150 deletions(-)
> 
> diff --git a/crypto/algboss.c b/crypto/algboss.c
> index 6e39d9c..ccb85e1 100644
> --- a/crypto/algboss.c
> +++ b/crypto/algboss.c
> @@ -247,12 +247,8 @@ static int cryptomgr_schedule_test(struct crypto_alg *alg)
>  	memcpy(param->alg, alg->cra_name, sizeof(param->alg));
>  	type = alg->cra_flags;
>  
> -	/* This piece of crap needs to disappear into per-type test hooks. */
> -	if (!((type ^ CRYPTO_ALG_TYPE_BLKCIPHER) &
> -	      CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV) &&
> -	    ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
> -	     CRYPTO_ALG_TYPE_BLKCIPHER ? alg->cra_blkcipher.ivsize :
> -					 alg->cra_ablkcipher.ivsize))
> +	/* Do not test internal algorithms. */
> +	if (type & CRYPTO_ALG_INTERNAL)
>  		type |= CRYPTO_ALG_TESTED;
>  
>  	param->type = type;
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index ded50b6..6ac4696 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -1625,7 +1625,7 @@ static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
>  	struct crypto_aead *tfm;
>  	int err = 0;
>  
> -	tfm = crypto_alloc_aead(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	tfm = crypto_alloc_aead(driver, type, mask);
>  	if (IS_ERR(tfm)) {
>  		printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
>  		       "%ld\n", driver, PTR_ERR(tfm));
> @@ -1654,7 +1654,7 @@ static int alg_test_cipher(const struct alg_test_desc *desc,
>  	struct crypto_cipher *tfm;
>  	int err = 0;
>  
> -	tfm = crypto_alloc_cipher(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	tfm = crypto_alloc_cipher(driver, type, mask);
>  	if (IS_ERR(tfm)) {
>  		printk(KERN_ERR "alg: cipher: Failed to load transform for "
>  		       "%s: %ld\n", driver, PTR_ERR(tfm));
> @@ -1683,7 +1683,7 @@ static int alg_test_skcipher(const struct alg_test_desc *desc,
>  	struct crypto_skcipher *tfm;
>  	int err = 0;
>  
> -	tfm = crypto_alloc_skcipher(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	tfm = crypto_alloc_skcipher(driver, type, mask);
>  	if (IS_ERR(tfm)) {
>  		printk(KERN_ERR "alg: skcipher: Failed to load transform for "
>  		       "%s: %ld\n", driver, PTR_ERR(tfm));
> @@ -1750,7 +1750,7 @@ static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
>  	struct crypto_ahash *tfm;
>  	int err;
>  
> -	tfm = crypto_alloc_ahash(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	tfm = crypto_alloc_ahash(driver, type, mask);
>  	if (IS_ERR(tfm)) {
>  		printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
>  		       "%ld\n", driver, PTR_ERR(tfm));
> @@ -1778,7 +1778,7 @@ static int alg_test_crc32c(const struct alg_test_desc *desc,
>  	if (err)
>  		goto out;
>  
> -	tfm = crypto_alloc_shash(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	tfm = crypto_alloc_shash(driver, type, mask);
>  	if (IS_ERR(tfm)) {
>  		printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
>  		       "%ld\n", driver, PTR_ERR(tfm));
> @@ -1820,7 +1820,7 @@ static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
>  	struct crypto_rng *rng;
>  	int err;
>  
> -	rng = crypto_alloc_rng(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	rng = crypto_alloc_rng(driver, type, mask);
>  	if (IS_ERR(rng)) {
>  		printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
>  		       "%ld\n", driver, PTR_ERR(rng));
> @@ -1847,7 +1847,7 @@ static int drbg_cavs_test(struct drbg_testvec *test, int pr,
>  	if (!buf)
>  		return -ENOMEM;
>  
> -	drng = crypto_alloc_rng(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	drng = crypto_alloc_rng(driver, type, mask);
>  	if (IS_ERR(drng)) {
>  		printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
>  		       "%s\n", driver);
> @@ -2041,7 +2041,7 @@ static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
>  	struct crypto_kpp *tfm;
>  	int err = 0;
>  
> -	tfm = crypto_alloc_kpp(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	tfm = crypto_alloc_kpp(driver, type, mask);
>  	if (IS_ERR(tfm)) {
>  		pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
>  		       driver, PTR_ERR(tfm));
> @@ -2200,7 +2200,7 @@ static int alg_test_akcipher(const struct alg_test_desc *desc,
>  	struct crypto_akcipher *tfm;
>  	int err = 0;
>  
> -	tfm = crypto_alloc_akcipher(driver, type | CRYPTO_ALG_INTERNAL, mask);
> +	tfm = crypto_alloc_akcipher(driver, type, mask);
>  	if (IS_ERR(tfm)) {
>  		pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
>  		       driver, PTR_ERR(tfm));
> @@ -2223,88 +2223,6 @@ static int alg_test_null(const struct alg_test_desc *desc,
>  /* Please keep this list sorted by algorithm name. */
>  static const struct alg_test_desc alg_test_descs[] = {
>  	{
> -		.alg = "__cbc-cast5-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__cbc-cast6-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__cbc-serpent-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__cbc-serpent-avx2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__cbc-serpent-sse2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__cbc-twofish-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-aes-aesni",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
> -		.alg = "__driver-cbc-camellia-aesni",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-camellia-aesni-avx2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-cast5-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-cast6-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-serpent-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-serpent-avx2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-serpent-sse2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-cbc-twofish-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-aes-aesni",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
> -		.alg = "__driver-ecb-camellia-aesni",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-camellia-aesni-avx2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-cast5-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-cast6-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-serpent-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-serpent-avx2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-serpent-sse2",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-ecb-twofish-avx",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "__driver-gcm-aes-aesni",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
> -		.alg = "__ghash-pclmulqdqni",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
>  		.alg = "ansi_cprng",
>  		.test = alg_test_cprng,
>  		.suite = {
> @@ -2791,55 +2709,6 @@ static int alg_test_null(const struct alg_test_desc *desc,
>  			}
>  		}
>  	}, {
> -		.alg = "cryptd(__driver-cbc-aes-aesni)",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
> -		.alg = "cryptd(__driver-cbc-camellia-aesni)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-cbc-camellia-aesni-avx2)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-cbc-serpent-avx2)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-aes-aesni)",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-camellia-aesni)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-camellia-aesni-avx2)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-cast5-avx)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-cast6-avx)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-serpent-avx)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-serpent-avx2)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-serpent-sse2)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-ecb-twofish-avx)",
> -		.test = alg_test_null,
> -	}, {
> -		.alg = "cryptd(__driver-gcm-aes-aesni)",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
> -		.alg = "cryptd(__ghash-pclmulqdqni)",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
>  		.alg = "ctr(aes)",
>  		.test = alg_test_skcipher,
>  		.fips_allowed = 1,
> @@ -3166,10 +3035,6 @@ static int alg_test_null(const struct alg_test_desc *desc,
>  		.fips_allowed = 1,
>  		.test = alg_test_null,
>  	}, {
> -		.alg = "ecb(__aes-aesni)",
> -		.test = alg_test_null,
> -		.fips_allowed = 1,
> -	}, {
>  		.alg = "ecb(aes)",
>  		.test = alg_test_skcipher,
>  		.fips_allowed = 1,
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux