Commit 40b99697 authored by Eric Biggers's avatar Eric Biggers Committed by Herbert Xu
Browse files

crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS 



The negative-sense of CRYPTO_MANAGER_DISABLE_TESTS is a longstanding
mistake that regularly causes confusion.  Especially bad is that you can
have CRYPTO=n && CRYPTO_MANAGER_DISABLE_TESTS=n, which is ambiguous.

Replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS which has the
expected behavior.

The tests continue to be disabled by default.

Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent d469eaed

arch/arm/configs/milbeaut_m10v_defconfig

+1 −1
Original line number Diff line number Diff line
@@ -94,7 +94,7 @@ CONFIG_NLS_ISO8859_1=y 
CONFIG_NLS_UTF8=y

CONFIG_KEYS=y

CONFIG_CRYPTO_MANAGER=y

# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

CONFIG_CRYPTO_SELFTESTS=y

# CONFIG_CRYPTO_ECHAINIV is not set

CONFIG_CRYPTO_AES=y

CONFIG_CRYPTO_SEQIV=m

arch/loongarch/configs/loongson3_defconfig

+1 −1
Original line number Diff line number Diff line
@@ -1026,7 +1026,7 @@ CONFIG_SECURITY_APPARMOR=y 
CONFIG_SECURITY_YAMA=y

CONFIG_DEFAULT_SECURITY_DAC=y

CONFIG_CRYPTO_USER=m

# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

CONFIG_CRYPTO_SELFTESTS=y

CONFIG_CRYPTO_PCRYPT=m

CONFIG_CRYPTO_CRYPTD=m

CONFIG_CRYPTO_ANUBIS=m

arch/s390/configs/debug_defconfig

+1 −1
Original line number Diff line number Diff line
@@ -743,7 +743,7 @@ CONFIG_IMA_WRITE_POLICY=y 
CONFIG_IMA_APPRAISE=y

CONFIG_BUG_ON_DATA_CORRUPTION=y

CONFIG_CRYPTO_USER=m

# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

CONFIG_CRYPTO_SELFTESTS=y

CONFIG_CRYPTO_PCRYPT=m

CONFIG_CRYPTO_CRYPTD=m

CONFIG_CRYPTO_BENCHMARK=m

arch/s390/configs/defconfig

+1 −1
Original line number Diff line number Diff line
@@ -729,7 +729,7 @@ CONFIG_IMA_APPRAISE=y 
CONFIG_BUG_ON_DATA_CORRUPTION=y

CONFIG_CRYPTO_FIPS=y

CONFIG_CRYPTO_USER=m

# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

CONFIG_CRYPTO_SELFTESTS=y

CONFIG_CRYPTO_PCRYPT=m

CONFIG_CRYPTO_CRYPTD=m

CONFIG_CRYPTO_BENCHMARK=m

crypto/Kconfig

+15 −9
Original line number Diff line number Diff line
@@ -25,7 +25,7 @@ menu "Crypto core or helper" 


config CRYPTO_FIPS

	bool "FIPS 200 compliance"

	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS

	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && CRYPTO_SELFTESTS

	depends on (MODULE_SIG || !MODULES)

	help

	  This option enables the fips boot option which is
@@ -143,8 +143,8 @@ config CRYPTO_ACOMP 


config CRYPTO_HKDF

	tristate

	select CRYPTO_SHA256 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS

	select CRYPTO_SHA512 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS

	select CRYPTO_SHA256 if CRYPTO_SELFTESTS

	select CRYPTO_SHA512 if CRYPTO_SELFTESTS

	select CRYPTO_HASH2



config CRYPTO_MANAGER
@@ -173,16 +173,22 @@ config CRYPTO_USER 
	  Userspace configuration for cryptographic instantiations such as

	  cbc(aes).



config CRYPTO_MANAGER_DISABLE_TESTS

	bool "Disable run-time self tests"

	default y

config CRYPTO_SELFTESTS

	bool "Enable cryptographic self-tests"

	depends on DEBUG_KERNEL

	help

	  Disable run-time self tests that normally take place at

	  algorithm registration.

	  Enable the cryptographic self-tests.



	  The cryptographic self-tests run at boot time, or at algorithm

	  registration time if algorithms are dynamically loaded later.



	  This is primarily intended for developer use.  It should not be

	  enabled in production kernels, unless you are trying to use these

	  tests to fulfill a FIPS testing requirement.



config CRYPTO_MANAGER_EXTRA_TESTS

	bool "Enable extra run-time crypto self tests"

	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER

	depends on DEBUG_KERNEL && CRYPTO_SELFTESTS && CRYPTO_MANAGER

	help

	  Enable extra run-time self tests of registered crypto algorithms,

	  including randomized fuzz tests.