On Sun, Oct 08, 2023 at 07:31:16PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Since commit adad556efcdd ("crypto: api - Fix built-in testing > dependency failures"), the following warning appears when booting an > x86_64 kernel that is configured with > CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y and CONFIG_CRYPTO_AES_NI_INTEL=y, > even when CONFIG_CRYPTO_XTS=y and CONFIG_CRYPTO_AES=y: > > alg: skcipher: skipping comparison tests for xts-aes-aesni because xts(ecb(aes-generic)) is unavailable > > This is caused by an issue in the xts template where it allocates an > "aes" single-block cipher without declaring a dependency on it via the > crypto_spawn mechanism. This issue was exposed by the above commit > because it reversed the order that the algorithms are tested in. > > Specifically, when "xts(ecb(aes-generic))" is instantiated and tested > during the comparison tests for "xts-aes-aesni", the "xts" template > allocates an "aes" crypto_cipher for encrypting tweaks. This resolves > to "aes-aesni". (Getting "aes-aesni" instead of "aes-generic" here is a > bit weird, but it's apparently intended.) Due to the above-mentioned > commit, the testing of "aes-aesni", and the finalization of its > registration, now happens at this point instead of before. At the end > of that, crypto_remove_spawns() unregisters all algorithm instances that > depend on a lower-priority "aes" implementation such as "aes-generic" > but that do not depend on "aes-aesni". However, because "xts" does not > use the crypto_spawn mechanism for its "aes", its dependency on > "aes-aesni" is not recognized by crypto_remove_spawns(). Thus, > crypto_remove_spawns() unexpectedly unregisters "xts(ecb(aes-generic))". > > Fix this issue by making the "xts" template use the crypto_spawn > mechanism for its "aes" dependency, like what other templates do. > > Note, this fix could be applied as far back as commit f1c131b45410 > ("crypto: xts - Convert to skcipher"). However, the issue only got > exposed by the much more recent changes to how the crypto API runs the > self-tests, so there should be no need to backport this to very old > kernels. Also, an alternative fix would be to flip the list iteration > order in crypto_start_tests() to restore the original testing order. > I'm thinking we should do that too, since the original order seems more > natural, but it shouldn't be relied on for correctness. > > Fixes: adad556efcdd ("crypto: api - Fix built-in testing dependency failures") > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> BTW, I noticed that the essiv template has this problem too. It shows up when essiv-cbc-aes-sha256-ce is tested on arm64. - Eric