summaryrefslogtreecommitdiffstats
path: root/crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
blob: 9aef14c529e65c6d0b6365379f69f05cdbe33a30 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
From 6c79294f44fd7d1122cbaabff3b9815b074c0dd0 Mon Sep 17 00:00:00 2001
From: Milan Broz <mbroz@redhat.com>
Date: Fri, 29 Jun 2012 22:08:09 +0200
Subject: [PATCH] crypto: testmgr - allow aesni-intel and ghash_clmulni-intel
 in fips mode

Patch 863b557a88f8c033f7419fabafef4712a5055f85 added NULL entries
for intel accelerated drivers but did not marked these fips allowed.
This cause panic if running tests with fips=1.

For ghash, fips_allowed flag was added in patch
18c0ebd2d8194cce4b3f67e2903fa01bea892cbc.

Without patch, "modprobe tcrypt" fails with
  alg: skcipher: Failed to load transform for cbc-aes-aesni: -2
  cbc-aes-aesni: cbc(aes) alg self test failed in fips mode!
  (panic)

Also add missing cryptd(__driver-cbc-aes-aesni) and
cryptd(__driver-gcm-aes-aesni) test to complement
null tests above, otherwise system complains with
  alg: No test for __cbc-aes-aesni (cryptd(__driver-cbc-aes-aesni))
  alg: No test for __gcm-aes-aesni (cryptd(__driver-gcm-aes-aesni))

Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 crypto/testmgr.c |   38 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 36748a5..4308a11 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1581,6 +1581,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "__driver-cbc-aes-aesni",
 		.test = alg_test_null,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1641,6 +1642,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "__driver-ecb-aes-aesni",
 		.test = alg_test_null,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1701,6 +1703,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "__ghash-pclmulqdqni",
 		.test = alg_test_null,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = NULL,
@@ -1866,8 +1869,25 @@ static const struct alg_test_desc alg_test_descs[] = {
 			}
 		}
 	}, {
+		.alg = "cryptd(__driver-cbc-aes-aesni)",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+		.suite = {
+			.cipher = {
+				.enc = {
+					.vecs = NULL,
+					.count = 0
+				},
+				.dec = {
+					.vecs = NULL,
+					.count = 0
+				}
+			}
+		}
+	}, {
 		.alg = "cryptd(__driver-ecb-aes-aesni)",
 		.test = alg_test_null,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
@@ -1926,8 +1946,25 @@ static const struct alg_test_desc alg_test_descs[] = {
 			}
 		}
 	}, {
+		.alg = "cryptd(__driver-gcm-aes-aesni)",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+		.suite = {
+			.cipher = {
+				.enc = {
+					.vecs = NULL,
+					.count = 0
+				},
+				.dec = {
+					.vecs = NULL,
+					.count = 0
+				}
+			}
+		}
+	}, {
 		.alg = "cryptd(__ghash-pclmulqdqni)",
 		.test = alg_test_null,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = {
 				.vecs = NULL,
@@ -2043,6 +2080,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ecb(__aes-aesni)",
 		.test = alg_test_null,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = {
 				.enc = {
-- 
1.7.6.5