Am Montag, 29. Mai 2017, 11:47:48 CEST schrieb Tudor Ambarus:
Hi Tudor,
> > Hm, there should be no blocking for the DRBG to initialize.
> >
> > What happens if you compile that as a module and insmod it at runtime?
>
> We will have a nop:
>
> #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
>
> /* a perfect nop */
> int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
> {
> printk(KERN_ERR "no op in alg_test");
> return 0;
> }
>
> #else
> ...
> #endif
>
> If I further mangle it and change #ifdef with #ifndef then the tests are
> passing.
Can you please enable the testmgr in the kernel config and compile the DH/ECDH
code as a module. Then I would insmod the dh/ecdh kernel module to see whether
the self tests work or not.
Note, if you use the calls of crypto_get_default_rng and friends, the DRBG
must be present in the kernel at the time of calling. I.e. if you statically
compile dh/ecdh but compile the RNG support as a module, the RNG will not load
during self test. If you compile dh/ecdh as a module, the RNG can stay as a
module.
Ciao
Stephan
