Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS

The negative-sense of CRYPTO_MANAGER_DISABLE_TESTS is a longstanding
mistake that regularly causes confusion. Especially bad is that you can
have CRYPTO=n && CRYPTO_MANAGER_DISABLE_TESTS=n, which is ambiguous.

Replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS which has the
expected behavior.

The tests continue to be disabled by default.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu
40b99697 d469eaed

+41 -40
+1 -1
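--- a/arch/arm/configs/milbeaut_m10v_defconfig
+++ b/arch/arm/configs/milbeaut_m10v_defconfig
@@ -94,7 +94,7 @@
 CONFIG_NLS_UTF8=y
 CONFIG_KEYS=y
 CONFIG_CRYPTO_MANAGER=y
-# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
+CONFIG_CRYPTO_SELFTESTS=y
 # CONFIG_CRYPTO_ECHAINIV is not set
 CONFIG_CRYPTO_AES=y
 CONFIG_CRYPTO_SEQIV=m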
+1 -1
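--- a/arch/loongarch/configs/loongson3_defconfig
+++ b/arch/loongarch/configs/loongson3_defconfig
@@ -1026,7 +1026,7 @@
 CONFIG_SECURITY_YAMA=y
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_CRYPTO_USER=m
-# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
+CONFIG_CRYPTO_SELFTESTS=y
 CONFIG_CRYPTO_PCRYPT=m
 CONFIG_CRYPTO_CRYPTD=m
 CONFIG_CRYPTO_ANUBIS=m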
+1 -1
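--- a/arch/s390/configs/debug_defconfig
+++ b/arch/s390/configs/debug_defconfig
@@ -743,7 +743,7 @@
 CONFIG_IMA_APPRAISE=y
 CONFIG_BUG_ON_DATA_CORRUPTION=y
 CONFIG_CRYPTO_USER=m
-# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
+CONFIG_CRYPTO_SELFTESTS=y
 CONFIG_CRYPTO_PCRYPT=m
 CONFIG_CRYPTO_CRYPTD=m
 CONFIG_CRYPTO_BENCHMARK=m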
+1 -1
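--- a/arch/s390/configs/defconfig
+++ b/arch/s390/configs/defconfig
@@ -729,7 +729,7 @@
 CONFIG_BUG_ON_DATA_CORRUPTION=y
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_USER=m
-# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
+CONFIG_CRYPTO_SELFTESTS=y
 CONFIG_CRYPTO_PCRYPT=m
 CONFIG_CRYPTO_CRYPTD=m
 CONFIG_CRYPTO_BENCHMARK=m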
+15 -9
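--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -25,7 +25,7 @@
 
 config CRYPTO_FIPS
 bool "FIPS 200 compliance"
-depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
+depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && CRYPTO_SELFTESTS
 depends on (MODULE_SIG || !MODULES)
 help
 This option enables the fips boot option which is
@@ -143,8 +143,8 @@
 
 config CRYPTO_HKDF
 tristate
-select CRYPTO_SHA256 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
-select CRYPTO_SHA512 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
+select CRYPTO_SHA256 if CRYPTO_SELFTESTS
+select CRYPTO_SHA512 if CRYPTO_SELFTESTS
 select CRYPTO_HASH2
 
 config CRYPTO_MANAGER
@@ -173,16 +173,22 @@
 Userspace configuration for cryptographic instantiations such as
 cbc(aes).
 
-config CRYPTO_MANAGER_DISABLE_TESTS
-bool "Disable run-time self tests"
-default y
+config CRYPTO_SELFTESTS
+bool "Enable cryptographic self-tests"
+depends on DEBUG_KERNEL
 help
-Disable run-time self tests that normally take place at
-algorithm registration.
+Enable the cryptographic self-tests.
+
+The cryptographic self-tests run at boot time, or at algorithm
+registration time if algorithms are dynamically loaded later.
+
+This is primarily intended for developer use. It should not be
+enabled in production kernels, unless you are trying to use these
+tests to fulfill a FIPS testing requirement.
 
 config CRYPTO_MANAGER_EXTRA_TESTS
 bool "Enable extra run-time crypto self tests"
-depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
+depends on DEBUG_KERNEL && CRYPTO_SELFTESTS && CRYPTO_MANAGER
 help
 Enable extra run-time self tests of registered crypto algorithms,
 including randomized fuzz tests.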
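Review bot: The new `depends on DEBUG_KERNEL` under `config CRYPTO_SELFTESTS`, together with `CRYPTO_FIPS` now depending on `CRYPTO_SELFTESTS` in the first hunk, means FIPS mode can only be selected on kernels built with DEBUG_KERNEL=y, which the old CRYPTO_MANAGER_DISABLE_TESTS symbol did not require. That sits awkwardly with the help text's own exception for production kernels that need the tests for FIPS, so the dependency is worth either dropping or justifying in the help text. The defconfigs touched by this commit should also be checked for CONFIG_DEBUG_KERNEL (arch/s390/configs/defconfig carries `CONFIG_CRYPTO_FIPS=y`), since without it `CONFIG_CRYPTO_SELFTESTS=y` would be dropped at config time. Because the new symbol defaults to off, an existing .config with `# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set` presumably loses the self-tests, and with them CRYPTO_FIPS, on `make oldconfig`. A help-text sentence such as `This option replaces CRYPTO_MANAGER_DISABLE_TESTS, with the sense inverted.` would make that migration visible.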
+2 -2
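--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -275,7 +275,7 @@
 struct crypto_larval *larval;
 
 if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER) ||
-IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) ||
+!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) ||
 (alg->cra_flags & CRYPTO_ALG_INTERNAL))
 return NULL; /* No self-test needed */
 
@@ -1059,7 +1059,7 @@
 if (!IS_BUILTIN(CONFIG_CRYPTO_ALGAPI))
 return;
 
-if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))
+if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
 return;
 
 set_crypto_boot_test_finished();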
+1 -1
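--- a/crypto/algboss.c
+++ b/crypto/algboss.c
@@ -189,7 +189,7 @@
 struct task_struct *thread;
 struct crypto_test_param *param;
 
-if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))
+if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
 return NOTIFY_DONE;
 
 if (!try_module_get(THIS_MODULE))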
+1 -2
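--- a/crypto/api.c
+++ b/crypto/api.c
@@ -31,8 +31,7 @@
 BLOCKING_NOTIFIER_HEAD(crypto_chain);
 EXPORT_SYMBOL_GPL(crypto_chain);
 
-#if IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) && \
-!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+#if IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) && IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
 DEFINE_STATIC_KEY_FALSE(__crypto_boot_test_finished);
 #endif
 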
+1 -1
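--- a/crypto/hkdf.c
+++ b/crypto/hkdf.c
@@ -543,7 +543,7 @@
 {
 int ret = 0, i;
 
-if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))
+if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
 return 0;
 
 for (i = 0; i < ARRAY_SIZE(hkdf_sha256_tv); i++) {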
+2 -3
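--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -67,8 +67,7 @@
 
 int alg_test(const char *driver, const char *alg, u32 type, u32 mask);
 
-#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || \
-IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
 static inline bool crypto_boot_test_finished(void)
 {
 return true;
@@ -86,7 +87,7 @@
 static_branch_enable(&__crypto_boot_test_finished);
 }
 #endif /* !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) ||
-* IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+* !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
 */
 
 #ifdef CONFIG_PROC_FS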
+1 -1
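--- a/crypto/kdf_sp800108.c
+++ b/crypto/kdf_sp800108.c
@@ -127,7 +127,7 @@
 {
 int ret;
 
-if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))
+if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
 return 0;
 
 ret = kdf_test(&kdf_ctr_hmac_sha256_tv_template[0], "hmac(sha256)",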
+6 -6
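--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -55,7 +55,7 @@
 MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
 #endif
 
-#ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
+#ifndef CONFIG_CRYPTO_SELFTESTS
 
 /* a perfect nop */
 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
@@ -321,10 +321,10 @@
 
 /*
 * The following are the lists of testvec_configs to test for each algorithm
-* type when the basic crypto self-tests are enabled, i.e. when
-* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test
-* coverage, while keeping the test time much shorter than the full fuzz tests
-* so that the basic tests can be enabled in a wider range of circumstances.
+* type when the basic crypto self-tests are enabled. They aim to provide good
+* test coverage, while keeping the test time much shorter than the full fuzz
+* tests so that the basic tests can be enabled in a wider range of
+* circumstances.
 */
 
 /* Configs for skciphers and aeads */
@@ -5899,6 +5899,6 @@
 return alg_fips_disabled(driver, alg);
 }
 
-#endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
+#endif /* CONFIG_CRYPTO_SELFTESTS */
 
 EXPORT_SYMBOL_GPL(alg_test);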
+3 -6
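--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -25,9 +25,11 @@
 obj-y += libblake2s.o
 libblake2s-y := blake2s.o
 libblake2s-$(CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC) += blake2s-generic.o
+libblake2s-$(CONFIG_CRYPTO_SELFTESTS) += blake2s-selftest.o
 
 obj-$(CONFIG_CRYPTO_LIB_CHACHA20POLY1305) += libchacha20poly1305.o
 libchacha20poly1305-y += chacha20poly1305.o
+libchacha20poly1305-$(CONFIG_CRYPTO_SELFTESTS) += chacha20poly1305-selftest.o
 
 obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENERIC) += libcurve25519-generic.o
 libcurve25519-generic-y := curve25519-fiat32.o
@@ -38,6 +36,7 @@
 
 obj-$(CONFIG_CRYPTO_LIB_CURVE25519) += libcurve25519.o
 libcurve25519-y += curve25519.o
+libcurve25519-$(CONFIG_CRYPTO_SELFTESTS) += curve25519-selftest.o
 
 obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o
 libdes-y := des.o
@@ -59,12 +56,6 @@
 
 obj-$(CONFIG_CRYPTO_LIB_SHA256_GENERIC) += libsha256-generic.o
 libsha256-generic-y := sha256-generic.o
-
-ifneq ($(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS),y)
-libblake2s-y += blake2s-selftest.o
-libchacha20poly1305-y += chacha20poly1305-selftest.o
-libcurve25519-y += curve25519-selftest.o
-endif
 
 obj-$(CONFIG_MPILIB) += mpi/
 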
+1 -1
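--- a/lib/crypto/aescfb.c
+++ b/lib/crypto/aescfb.c
@@ -99,7 +99,7 @@
 MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>");
 MODULE_LICENSE("GPL");
 
-#ifndef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
+#ifdef CONFIG_CRYPTO_SELFTESTS
 
 /*
 * Test code below. Vectors taken from crypto/testmgr.h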
+1 -1
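--- a/lib/crypto/aesgcm.c
+++ b/lib/crypto/aesgcm.c
@@ -199,7 +199,7 @@
 MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>");
 MODULE_LICENSE("GPL");
 
-#ifndef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
+#ifdef CONFIG_CRYPTO_SELFTESTS
 
 /*
 * Test code below. Vectors taken from crypto/testmgr.h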
+1 -1
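--- a/lib/crypto/blake2s.c
+++ b/lib/crypto/blake2s.c
@@ -60,7 +60,7 @@
 
 static int __init blake2s_mod_init(void)
 {
-if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) &&
+if (IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) &&
 WARN_ON(!blake2s_selftest()))
 return -ENODEV;
 return 0;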
+1 -1
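--- a/lib/crypto/chacha20poly1305.c
+++ b/lib/crypto/chacha20poly1305.c
@@ -358,7 +358,7 @@
 
 static int __init chacha20poly1305_init(void)
 {
-if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) &&
+if (IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) &&
 WARN_ON(!chacha20poly1305_selftest()))
 return -ENODEV;
 return 0;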
+1 -1
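--- a/lib/crypto/curve25519.c
+++ b/lib/crypto/curve25519.c
@@ -15,7 +15,7 @@
 
 static int __init curve25519_init(void)
 {
-if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) &&
+if (IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) &&
 WARN_ON(!curve25519_selftest()))
 return -ENODEV;
 return 0;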