From 6c79294f44fd7d1122cbaabff3b9815b074c0dd0 Mon Sep 17 00:00:00 2001

From: Milan Broz <mbroz@redhat.com>

Date: Fri, 29 Jun 2012 22:08:09 +0200

Subject: [PATCH] crypto: testmgr - allow aesni-intel and ghash_clmulni-intel

 in fips mode

Patch 863b557a88f8c033f7419fabafef4712a5055f85 added NULL entries

for intel accelerated drivers but did not marked these fips allowed.

This cause panic if running tests with fips=1.

For ghash, fips_allowed flag was added in patch

18c0ebd2d8194cce4b3f67e2903fa01bea892cbc.

Without patch, "modprobe tcrypt" fails with

  alg: skcipher: Failed to load transform for cbc-aes-aesni: -2

  cbc-aes-aesni: cbc(aes) alg self test failed in fips mode!

  (panic)

Also add missing cryptd(__driver-cbc-aes-aesni) and

cryptd(__driver-gcm-aes-aesni) test to complement

null tests above, otherwise system complains with

  alg: No test for __cbc-aes-aesni (cryptd(__driver-cbc-aes-aesni))

  alg: No test for __gcm-aes-aesni (cryptd(__driver-gcm-aes-aesni))

Signed-off-by: Milan Broz <mbroz@redhat.com>

Signed-off-by: Paul Wouters <pwouters@redhat.com>

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

---

 crypto/testmgr.c |   38 ++++++++++++++++++++++++++++++++++++++

 1 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c

index 36748a5..4308a11 100644

--- a/crypto/testmgr.c

+++ b/crypto/testmgr.c

@@ -1581,6 +1581,7 @@ static const struct alg_test_desc alg_test_descs[] = {

 	}, {

 		.alg = "__driver-cbc-aes-aesni",

 		.test = alg_test_null,

+		.fips_allowed = 1,

 		.suite = {

 			.cipher = {

 				.enc = {

@@ -1641,6 +1642,7 @@ static const struct alg_test_desc alg_test_descs[] = {

 	}, {

 		.alg = "__driver-ecb-aes-aesni",

 		.test = alg_test_null,

+		.fips_allowed = 1,

 		.suite = {

 			.cipher = {

 				.enc = {

@@ -1701,6 +1703,7 @@ static const struct alg_test_desc alg_test_descs[] = {

 	}, {

 		.alg = "__ghash-pclmulqdqni",

 		.test = alg_test_null,

+		.fips_allowed = 1,

 		.suite = {

 			.hash = {

 				.vecs = NULL,

@@ -1866,8 +1869,25 @@ static const struct alg_test_desc alg_test_descs[] = {

 			}

 		}

 	}, {

+		.alg = "cryptd(__driver-cbc-aes-aesni)",

+		.test = alg_test_null,

+		.fips_allowed = 1,

+		.suite = {

+			.cipher = {

+				.enc = {

+					.vecs = NULL,

+					.count = 0

+				},

+				.dec = {

+					.vecs = NULL,

+					.count = 0

+				}

+			}

+		}

+	}, {

 		.alg = "cryptd(__driver-ecb-aes-aesni)",

 		.test = alg_test_null,

+		.fips_allowed = 1,

 		.suite = {

 			.cipher = {

 				.enc = {

@@ -1926,8 +1946,25 @@ static const struct alg_test_desc alg_test_descs[] = {

 			}

 		}

 	}, {

+		.alg = "cryptd(__driver-gcm-aes-aesni)",

+		.test = alg_test_null,

+		.fips_allowed = 1,

+		.suite = {

+			.cipher = {

+				.enc = {

+					.vecs = NULL,

+					.count = 0

+				},

+				.dec = {

+					.vecs = NULL,

+					.count = 0

+				}

+			}

+		}

+	}, {

 		.alg = "cryptd(__ghash-pclmulqdqni)",

 		.test = alg_test_null,

+		.fips_allowed = 1,

 		.suite = {

 			.hash = {

 				.vecs = NULL,

@@ -2043,6 +2080,7 @@ static const struct alg_test_desc alg_test_descs[] = {

 	}, {

 		.alg = "ecb(__aes-aesni)",

 		.test = alg_test_null,

+		.fips_allowed = 1,

 		.suite = {

 			.cipher = {

 				.enc = {

-- 

1.7.6.5