Commit 0fa52482 authored by Linus Torvalds
Pull crypto fixes from Herbert Xu:
 "This fixes a regression in ahash (broken fallback finup) and
  reinstates a Kconfig option to control the extra self-tests"

* tag 'v6.16-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: ahash - Fix infinite recursion in ahash_def_finup
  crypto: testmgr - reinstate kconfig control over full self-tests
parents 41687a5c df29f603
+21 −4
@@ -176,16 +176,33 @@ config CRYPTO_USER

config CRYPTO_SELFTESTS
	bool "Enable cryptographic self-tests"
	depends on DEBUG_KERNEL
	depends on EXPERT
	help
	  Enable the cryptographic self-tests.

	  The cryptographic self-tests run at boot time, or at algorithm
	  registration time if algorithms are dynamically loaded later.

	  This is primarily intended for developer use.  It should not be
	  enabled in production kernels, unless you are trying to use these
	  tests to fulfill a FIPS testing requirement.
	  There are two main use cases for these tests:

	  - Development and pre-release testing.  In this case, also enable
	    CRYPTO_SELFTESTS_FULL to get the full set of tests.  All crypto code
	    in the kernel is expected to pass the full set of tests.

	  - Production kernels, to help prevent buggy drivers from being used
	    and/or meet FIPS 140-3 pre-operational testing requirements.  In
	    this case, enable CRYPTO_SELFTESTS but not CRYPTO_SELFTESTS_FULL.

config CRYPTO_SELFTESTS_FULL
	bool "Enable the full set of cryptographic self-tests"
	depends on CRYPTO_SELFTESTS
	help
	  Enable the full set of cryptographic self-tests for each algorithm.

	  The full set of tests should be enabled for development and
	  pre-release testing, but not in production kernels.

	  All crypto code in the kernel is expected to pass the full tests.

config CRYPTO_NULL
	tristate "Null algorithms"
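Review bot: The help text for CRYPTO_SELFTESTS_FULL does not say what the full set adds over the default tests, which is what someone choosing a production configuration needs to know. Elsewhere in this commit the option gates the slow tests, the fuzz iterations and the temporary SIMD disabling used to exercise the no-SIMD fallback code. A sentence such as `This adds the slow and randomized tests and the tests of the no-SIMD fallback code.` would make that visible. The CRYPTO_SELFTESTS text could likewise state that the fallback paths are not exercised unless the full option is also enabled.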
+3 −1
@@ -600,12 +600,14 @@ static void ahash_def_finup_done2(void *data, int err)

static int ahash_def_finup_finish1(struct ahash_request *req, int err)
{
	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);

	if (err)
		goto out;

	req->base.complete = ahash_def_finup_done2;

	err = crypto_ahash_final(req);
	err = crypto_ahash_alg(tfm)->final(req);
	if (err == -EINPROGRESS || err == -EBUSY)
		return err;
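Review bot: The direct call `crypto_ahash_alg(tfm)->final(req)` in ahash_def_finup_finish1 has no comment saying why the crypto_ahash_final() wrapper must not be used here, so a later cleanup could restore the wrapper and bring back the recursion named in the commit title. Suggest a comment above the call along the lines of `/* Call ->final directly: crypto_ahash_final() can re-enter the default finup path. */`, worded to match the actual re-entry path, which is not visible in this hunk. Calling the method directly also skips whatever checks the wrapper performs; that is presumably intended but worth confirming. The function body continues past the end of the hunk.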

+12 −3
@@ -45,6 +45,7 @@ static bool notests;
module_param(notests, bool, 0644);
MODULE_PARM_DESC(notests, "disable all crypto self-tests");

#ifdef CONFIG_CRYPTO_SELFTESTS_FULL
static bool noslowtests;
module_param(noslowtests, bool, 0644);
MODULE_PARM_DESC(noslowtests, "disable slow crypto self-tests");
@@ -52,6 +53,10 @@ MODULE_PARM_DESC(noslowtests, "disable slow crypto self-tests");
static unsigned int fuzz_iterations = 100;
module_param(fuzz_iterations, uint, 0644);
MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
#else
#define noslowtests 1
#define fuzz_iterations 0
#endif

#ifndef CONFIG_CRYPTO_SELFTESTS

@@ -319,9 +324,9 @@ struct testvec_config {

/*
 * The following are the lists of testvec_configs to test for each algorithm
 * type when the fast crypto self-tests are enabled.  They aim to provide good
 * test coverage, while keeping the test time much shorter than the full tests
 * so that the fast tests can be used to fulfill FIPS 140 testing requirements.
 * type when the "fast" crypto self-tests are enabled.  They aim to provide good
 * test coverage, while keeping the test time much shorter than the "full" tests
 * so that the "fast" tests can be enabled in a wider range of circumstances.
 */

/* Configs for skciphers and aeads */
@@ -1183,14 +1188,18 @@ static void generate_random_testvec_config(struct rnd_state *rng,

static void crypto_disable_simd_for_test(void)
{
#ifdef CONFIG_CRYPTO_SELFTESTS_FULL
	migrate_disable();
	__this_cpu_write(crypto_simd_disabled_for_test, true);
#endif
}

static void crypto_reenable_simd_for_test(void)
{
#ifdef CONFIG_CRYPTO_SELFTESTS_FULL
	__this_cpu_write(crypto_simd_disabled_for_test, false);
	migrate_enable();
#endif
}

/*
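Review bot: The `#else` branch replaces two variables with lowercase object-like macros whose literals do not carry the variables' types: `noslowtests` is a `bool` and `fuzz_iterations` an `unsigned int` in the full build, but `1` and `0` are plain `int` otherwise. Writing `#define noslowtests true` and `#define fuzz_iterations 0U` keeps expressions that use them typed the same in both configurations. A one-line comment on the `#else`, for example `/* fast tests only: slow and fuzz tests are compiled out */`, would also help. Separately, crypto_disable_simd_for_test() and crypto_reenable_simd_for_test() now compile to empty bodies without CONFIG_CRYPTO_SELFTESTS_FULL; a short comment on each saying so would stop a reader assuming the fallback path is still being exercised.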
+4 −2
@@ -44,9 +44,11 @@ void simd_unregister_aeads(struct aead_alg *algs, int count,
 *
 * This delegates to may_use_simd(), except that this also returns false if SIMD
 * in crypto code has been temporarily disabled on this CPU by the crypto
 * self-tests, in order to test the no-SIMD fallback code.
 * self-tests, in order to test the no-SIMD fallback code.  This override is
 * currently limited to configurations where the "full" self-tests are enabled,
 * because it might be a bit too invasive to be part of the "fast" self-tests.
 */
#ifdef CONFIG_CRYPTO_SELFTESTS
#ifdef CONFIG_CRYPTO_SELFTESTS_FULL
DECLARE_PER_CPU(bool, crypto_simd_disabled_for_test);
#define crypto_simd_usable() \
	(may_use_simd() && !this_cpu_read(crypto_simd_disabled_for_test))
+1 −1
@@ -66,7 +66,7 @@ libsha256-generic-y := sha256-generic.o

obj-$(CONFIG_MPILIB) += mpi/

obj-$(CONFIG_CRYPTO_SELFTESTS)			+= simd.o
obj-$(CONFIG_CRYPTO_SELFTESTS_FULL)		+= simd.o

obj-$(CONFIG_CRYPTO_LIB_SM3)			+= libsm3.o
libsm3-y					:= sm3.o