crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS

The negative sense of CRYPTO_MANAGER_DISABLE_TESTS is a longstanding
mistake that regularly causes confusion.  Especially bad is that you can
have CRYPTO=n && CRYPTO_MANAGER_DISABLE_TESTS=n, which is ambiguous.

Replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS which has the
expected behavior.

The tests continue to be disabled by default.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers 2025-05-05 13:33:41 -07:00 committed by Herbert Xu
parent d469eaed22
commit 40b9969796
18 changed files with 41 additions and 40 deletions


@ -94,7 +94,7 @@ CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_UTF8=y CONFIG_NLS_UTF8=y
CONFIG_KEYS=y CONFIG_KEYS=y
CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER=y
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set CONFIG_CRYPTO_SELFTESTS=y
# CONFIG_CRYPTO_ECHAINIV is not set # CONFIG_CRYPTO_ECHAINIV is not set
CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_SEQIV=m CONFIG_CRYPTO_SEQIV=m


@ -1026,7 +1026,7 @@ CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_YAMA=y
CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_CRYPTO_USER=m CONFIG_CRYPTO_USER=m
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set CONFIG_CRYPTO_SELFTESTS=y
CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_ANUBIS=m CONFIG_CRYPTO_ANUBIS=m


@ -743,7 +743,7 @@ CONFIG_IMA_WRITE_POLICY=y
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
CONFIG_BUG_ON_DATA_CORRUPTION=y CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_CRYPTO_USER=m CONFIG_CRYPTO_USER=m
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set CONFIG_CRYPTO_SELFTESTS=y
CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_BENCHMARK=m CONFIG_CRYPTO_BENCHMARK=m


@ -729,7 +729,7 @@ CONFIG_IMA_APPRAISE=y
CONFIG_BUG_ON_DATA_CORRUPTION=y CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_CRYPTO_FIPS=y CONFIG_CRYPTO_FIPS=y
CONFIG_CRYPTO_USER=m CONFIG_CRYPTO_USER=m
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set CONFIG_CRYPTO_SELFTESTS=y
CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_BENCHMARK=m CONFIG_CRYPTO_BENCHMARK=m


@ -25,7 +25,7 @@ menu "Crypto core or helper"
config CRYPTO_FIPS config CRYPTO_FIPS
bool "FIPS 200 compliance" bool "FIPS 200 compliance"
depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && CRYPTO_SELFTESTS
depends on (MODULE_SIG || !MODULES) depends on (MODULE_SIG || !MODULES)
help help
This option enables the fips boot option which is This option enables the fips boot option which is
@ -143,8 +143,8 @@ config CRYPTO_ACOMP
config CRYPTO_HKDF config CRYPTO_HKDF
tristate tristate
select CRYPTO_SHA256 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS select CRYPTO_SHA256 if CRYPTO_SELFTESTS
select CRYPTO_SHA512 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS select CRYPTO_SHA512 if CRYPTO_SELFTESTS
select CRYPTO_HASH2 select CRYPTO_HASH2
config CRYPTO_MANAGER config CRYPTO_MANAGER
@ -173,16 +173,22 @@ config CRYPTO_USER
Userspace configuration for cryptographic instantiations such as Userspace configuration for cryptographic instantiations such as
cbc(aes). cbc(aes).
config CRYPTO_MANAGER_DISABLE_TESTS config CRYPTO_SELFTESTS
bool "Disable run-time self tests" bool "Enable cryptographic self-tests"
default y depends on DEBUG_KERNEL
help help
Disable run-time self tests that normally take place at Enable the cryptographic self-tests.
algorithm registration.
The cryptographic self-tests run at boot time, or at algorithm
registration time if algorithms are dynamically loaded later.
This is primarily intended for developer use. It should not be
enabled in production kernels, unless you are trying to use these
tests to fulfill a FIPS testing requirement.
config CRYPTO_MANAGER_EXTRA_TESTS config CRYPTO_MANAGER_EXTRA_TESTS
bool "Enable extra run-time crypto self tests" bool "Enable extra run-time crypto self tests"
depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER depends on DEBUG_KERNEL && CRYPTO_SELFTESTS && CRYPTO_MANAGER
help help
Enable extra run-time self tests of registered crypto algorithms, Enable extra run-time self tests of registered crypto algorithms,
including randomized fuzz tests. including randomized fuzz tests.
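Review bot: The new `depends on DEBUG_KERNEL` on CRYPTO_SELFTESTS is inherited by CRYPTO_FIPS, which in the first hunk now reads `depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && CRYPTO_SELFTESTS`; the old CRYPTO_MANAGER_DISABLE_TESTS carried no such dependency. A configuration that sets CONFIG_CRYPTO_FIPS=y or CONFIG_CRYPTO_SELFTESTS=y without DEBUG_KERNEL would have both dropped by Kconfig without an error, and this may affect the defconfig sections earlier on the page (one of them sets CONFIG_CRYPTO_FIPS=y; whether they enable DEBUG_KERNEL is not visible here). If the restriction is intended, the help text should say so, e.g. `Note that CRYPTO_FIPS depends on this option and therefore also requires DEBUG_KERNEL.`; otherwise consider dropping the `depends on DEBUG_KERNEL` line. Separately, the old CRYPTO_HKDF selects tested `!CONFIG_CRYPTO_MANAGER_DISABLE_TESTS` with a `CONFIG_` prefix, presumably an undefined Kconfig symbol, so the corrected condition changes when SHA256/SHA512 are selected, which the description does not mention.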


@ -275,7 +275,7 @@ static struct crypto_larval *crypto_alloc_test_larval(struct crypto_alg *alg)
struct crypto_larval *larval; struct crypto_larval *larval;
if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER) || if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER) ||
IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) || !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) ||
(alg->cra_flags & CRYPTO_ALG_INTERNAL)) (alg->cra_flags & CRYPTO_ALG_INTERNAL))
return NULL; /* No self-test needed */ return NULL; /* No self-test needed */
@ -1059,7 +1059,7 @@ static void __init crypto_start_tests(void)
if (!IS_BUILTIN(CONFIG_CRYPTO_ALGAPI)) if (!IS_BUILTIN(CONFIG_CRYPTO_ALGAPI))
return; return;
if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)) if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
return; return;
set_crypto_boot_test_finished(); set_crypto_boot_test_finished();


@ -189,7 +189,7 @@ static int cryptomgr_schedule_test(struct crypto_alg *alg)
struct task_struct *thread; struct task_struct *thread;
struct crypto_test_param *param; struct crypto_test_param *param;
if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)) if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
return NOTIFY_DONE; return NOTIFY_DONE;
if (!try_module_get(THIS_MODULE)) if (!try_module_get(THIS_MODULE))


@ -31,8 +31,7 @@ EXPORT_SYMBOL_GPL(crypto_alg_sem);
BLOCKING_NOTIFIER_HEAD(crypto_chain); BLOCKING_NOTIFIER_HEAD(crypto_chain);
EXPORT_SYMBOL_GPL(crypto_chain); EXPORT_SYMBOL_GPL(crypto_chain);
#if IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) && \ #if IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) && IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
DEFINE_STATIC_KEY_FALSE(__crypto_boot_test_finished); DEFINE_STATIC_KEY_FALSE(__crypto_boot_test_finished);
#endif #endif


@ -543,7 +543,7 @@ static int __init crypto_hkdf_module_init(void)
{ {
int ret = 0, i; int ret = 0, i;
if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)) if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
return 0; return 0;
for (i = 0; i < ARRAY_SIZE(hkdf_sha256_tv); i++) { for (i = 0; i < ARRAY_SIZE(hkdf_sha256_tv); i++) {


@ -67,8 +67,7 @@ extern struct blocking_notifier_head crypto_chain;
int alg_test(const char *driver, const char *alg, u32 type, u32 mask); int alg_test(const char *driver, const char *alg, u32 type, u32 mask);
#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || \ #if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
static inline bool crypto_boot_test_finished(void) static inline bool crypto_boot_test_finished(void)
{ {
return true; return true;
@ -87,7 +86,7 @@ static inline void set_crypto_boot_test_finished(void)
static_branch_enable(&__crypto_boot_test_finished); static_branch_enable(&__crypto_boot_test_finished);
} }
#endif /* !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || #endif /* !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) ||
* IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) * !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
*/ */
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS


@ -127,7 +127,7 @@ static int __init crypto_kdf108_init(void)
{ {
int ret; int ret;
if (IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)) if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
return 0; return 0;
ret = kdf_test(&kdf_ctr_hmac_sha256_tv_template[0], "hmac(sha256)", ret = kdf_test(&kdf_ctr_hmac_sha256_tv_template[0], "hmac(sha256)",


@ -55,7 +55,7 @@ module_param(fuzz_iterations, uint, 0644);
MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations"); MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
#endif #endif
#ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS #ifndef CONFIG_CRYPTO_SELFTESTS
/* a perfect nop */ /* a perfect nop */
int alg_test(const char *driver, const char *alg, u32 type, u32 mask) int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
@ -321,10 +321,10 @@ struct testvec_config {
/* /*
* The following are the lists of testvec_configs to test for each algorithm * The following are the lists of testvec_configs to test for each algorithm
* type when the basic crypto self-tests are enabled, i.e. when * type when the basic crypto self-tests are enabled. They aim to provide good
* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test * test coverage, while keeping the test time much shorter than the full fuzz
* coverage, while keeping the test time much shorter than the full fuzz tests * tests so that the basic tests can be enabled in a wider range of
* so that the basic tests can be enabled in a wider range of circumstances. * circumstances.
*/ */
/* Configs for skciphers and aeads */ /* Configs for skciphers and aeads */
@ -5899,6 +5899,6 @@ non_fips_alg:
return alg_fips_disabled(driver, alg); return alg_fips_disabled(driver, alg);
} }
#endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */ #endif /* CONFIG_CRYPTO_SELFTESTS */
EXPORT_SYMBOL_GPL(alg_test); EXPORT_SYMBOL_GPL(alg_test);


@ -25,9 +25,11 @@ obj-$(CONFIG_CRYPTO_LIB_GF128MUL) += gf128mul.o
obj-y += libblake2s.o obj-y += libblake2s.o
libblake2s-y := blake2s.o libblake2s-y := blake2s.o
libblake2s-$(CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC) += blake2s-generic.o libblake2s-$(CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC) += blake2s-generic.o
libblake2s-$(CONFIG_CRYPTO_SELFTESTS) += blake2s-selftest.o
obj-$(CONFIG_CRYPTO_LIB_CHACHA20POLY1305) += libchacha20poly1305.o obj-$(CONFIG_CRYPTO_LIB_CHACHA20POLY1305) += libchacha20poly1305.o
libchacha20poly1305-y += chacha20poly1305.o libchacha20poly1305-y += chacha20poly1305.o
libchacha20poly1305-$(CONFIG_CRYPTO_SELFTESTS) += chacha20poly1305-selftest.o
obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENERIC) += libcurve25519-generic.o obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENERIC) += libcurve25519-generic.o
libcurve25519-generic-y := curve25519-fiat32.o libcurve25519-generic-y := curve25519-fiat32.o
@ -36,6 +38,7 @@ libcurve25519-generic-y += curve25519-generic.o
obj-$(CONFIG_CRYPTO_LIB_CURVE25519) += libcurve25519.o obj-$(CONFIG_CRYPTO_LIB_CURVE25519) += libcurve25519.o
libcurve25519-y += curve25519.o libcurve25519-y += curve25519.o
libcurve25519-$(CONFIG_CRYPTO_SELFTESTS) += curve25519-selftest.o
obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o
libdes-y := des.o libdes-y := des.o
@ -57,12 +60,6 @@ libsha256-y := sha256.o
obj-$(CONFIG_CRYPTO_LIB_SHA256_GENERIC) += libsha256-generic.o obj-$(CONFIG_CRYPTO_LIB_SHA256_GENERIC) += libsha256-generic.o
libsha256-generic-y := sha256-generic.o libsha256-generic-y := sha256-generic.o
ifneq ($(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS),y)
libblake2s-y += blake2s-selftest.o
libchacha20poly1305-y += chacha20poly1305-selftest.o
libcurve25519-y += curve25519-selftest.o
endif
obj-$(CONFIG_MPILIB) += mpi/ obj-$(CONFIG_MPILIB) += mpi/
obj-$(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) += simd.o obj-$(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) += simd.o


@ -99,7 +99,7 @@ MODULE_DESCRIPTION("Generic AES-CFB library");
MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>"); MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
#ifndef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS #ifdef CONFIG_CRYPTO_SELFTESTS
/* /*
* Test code below. Vectors taken from crypto/testmgr.h * Test code below. Vectors taken from crypto/testmgr.h


@ -199,7 +199,7 @@ MODULE_DESCRIPTION("Generic AES-GCM library");
MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>"); MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
#ifndef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS #ifdef CONFIG_CRYPTO_SELFTESTS
/* /*
* Test code below. Vectors taken from crypto/testmgr.h * Test code below. Vectors taken from crypto/testmgr.h


@ -60,7 +60,7 @@ EXPORT_SYMBOL(blake2s_final);
static int __init blake2s_mod_init(void) static int __init blake2s_mod_init(void)
{ {
if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && if (IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) &&
WARN_ON(!blake2s_selftest())) WARN_ON(!blake2s_selftest()))
return -ENODEV; return -ENODEV;
return 0; return 0;
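Review bot: A failed self-test in `blake2s_mod_init` is not obviously fail-closed: the function only does `WARN_ON(!blake2s_selftest())` and returns -ENODEV, and for built-in code a nonzero initcall return normally does not stop other code from calling the already-exported `blake2s_final` and related functions. The same pattern appears in `chacha20poly1305_init` and `curve25519_init` in the two sections that follow. This predates the commit, but the new help text presents the option as a way to meet a FIPS testing requirement, so a comment stating the actual consequence would help, e.g. `/* Built-in: a self-test failure only warns; the library stays callable. */`, after confirming how these objects are linked. The closing brace of the function is outside the hunk.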


@ -358,7 +358,7 @@ EXPORT_SYMBOL(chacha20poly1305_decrypt_sg_inplace);
static int __init chacha20poly1305_init(void) static int __init chacha20poly1305_init(void)
{ {
if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && if (IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) &&
WARN_ON(!chacha20poly1305_selftest())) WARN_ON(!chacha20poly1305_selftest()))
return -ENODEV; return -ENODEV;
return 0; return 0;


@ -15,7 +15,7 @@
static int __init curve25519_init(void) static int __init curve25519_init(void)
{ {
if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && if (IS_ENABLED(CONFIG_CRYPTO_SELFTESTS) &&
WARN_ON(!curve25519_selftest())) WARN_ON(!curve25519_selftest()))
return -ENODEV; return -ENODEV;
return 0; return 0;