crypto: testmgr - reinstate kconfig control over full self-tests

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Commit 698de822780f ("crypto: testmgr - make it easier to enable the
full set of tests") removed support for building kernels that run only
the "fast" set of crypto self-tests by default. This assumed that
nearly everyone actually wanted the full set of tests, *if* they had
already chosen to enable the tests at all.

Unfortunately, it turns out that both Debian and Fedora intentionally
have the crypto self-tests enabled in their production kernels. And for
production kernels we do need to keep the testing time down, which
implies just running the "fast" tests, not the full set of tests.

For Fedora, a reason for enabling the tests in production is that they
are being (mis)used to meet the FIPS 140-3 pre-operational testing
requirement.

However, the other reason for enabling the tests in production, which
applies to both distros, is that they provide some value in protecting
users from buggy drivers. Unfortunately, the crypto/ subsystem has many
buggy and untested drivers for off-CPU hardware accelerators on rare
platforms. These broken drivers get shipped to users, and there have
been multiple examples of the tests preventing these buggy drivers from
being used. So effectively, the tests are being relied on in production
kernels. I think this is kind of crazy (untested drivers should just
not be enabled at all), but that seems to be how things work currently.

Thus, reintroduce a kconfig option that controls the level of testing.
Call it CRYPTO_SELFTESTS_FULL instead of the original name
CRYPTO_MANAGER_EXTRA_TESTS, which was slightly misleading.

Moreover, given the "production kernel" use case, make CRYPTO_SELFTESTS
depend on EXPERT instead of DEBUG_KERNEL.

I also haven't reinstated all the #ifdefs in crypto/testmgr.c. Instead,
just rely on the compiler to optimize out unused code.

Fixes: 40b9969796bf ("crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS")
Fixes: 698de822780f ("crypto: testmgr - make it easier to enable the full set of tests")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by

Herbert Xu 9 months ago ac90aad0 40a98e70

+38 -10

4 changed files

expand all

crypto

Kconfig

testmgr.c

include

crypto

internal

simd.h

lib

crypto

Makefile

+21 -4

crypto/Kconfig

··· 176 176 177 177 config CRYPTO_SELFTESTS 178 178 bool "Enable cryptographic self-tests" 179 - depends on DEBUG_KERNEL 179 + depends on EXPERT 180 180 help 181 181 Enable the cryptographic self-tests. 182 182 183 183 The cryptographic self-tests run at boot time, or at algorithm 184 184 registration time if algorithms are dynamically loaded later. 185 185 186 - This is primarily intended for developer use. It should not be 187 - enabled in production kernels, unless you are trying to use these 188 - tests to fulfill a FIPS testing requirement. 186 + There are two main use cases for these tests: 187 + 188 + - Development and pre-release testing. In this case, also enable 189 + CRYPTO_SELFTESTS_FULL to get the full set of tests. All crypto code 190 + in the kernel is expected to pass the full set of tests. 191 + 192 + - Production kernels, to help prevent buggy drivers from being used 193 + and/or meet FIPS 140-3 pre-operational testing requirements. In 194 + this case, enable CRYPTO_SELFTESTS but not CRYPTO_SELFTESTS_FULL. 195 + 196 + config CRYPTO_SELFTESTS_FULL 197 + bool "Enable the full set of cryptographic self-tests" 198 + depends on CRYPTO_SELFTESTS 199 + help 200 + Enable the full set of cryptographic self-tests for each algorithm. 201 + 202 + The full set of tests should be enabled for development and 203 + pre-release testing, but not in production kernels. 204 + 205 + All crypto code in the kernel is expected to pass the full tests. 189 206 190 207 config CRYPTO_NULL 191 208 tristate "Null algorithms"

+12 -3

crypto/testmgr.c

··· 45 45 module_param(notests, bool, 0644); 46 46 MODULE_PARM_DESC(notests, "disable all crypto self-tests"); 47 47 48 + #ifdef CONFIG_CRYPTO_SELFTESTS_FULL 48 49 static bool noslowtests; 49 50 module_param(noslowtests, bool, 0644); 50 51 MODULE_PARM_DESC(noslowtests, "disable slow crypto self-tests"); ··· 53 52 static unsigned int fuzz_iterations = 100; 54 53 module_param(fuzz_iterations, uint, 0644); 55 54 MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations"); 55 + #else 56 + #define noslowtests 1 57 + #define fuzz_iterations 0 58 + #endif 56 59 57 60 #ifndef CONFIG_CRYPTO_SELFTESTS 58 61 ··· 324 319 325 320 /* 326 321 * The following are the lists of testvec_configs to test for each algorithm 327 - * type when the fast crypto self-tests are enabled. They aim to provide good 328 - * test coverage, while keeping the test time much shorter than the full tests 329 - * so that the fast tests can be used to fulfill FIPS 140 testing requirements. 322 + * type when the "fast" crypto self-tests are enabled. They aim to provide good 323 + * test coverage, while keeping the test time much shorter than the "full" tests 324 + * so that the "fast" tests can be enabled in a wider range of circumstances. 330 325 */ 331 326 332 327 /* Configs for skciphers and aeads */ ··· 1188 1183 1189 1184 static void crypto_disable_simd_for_test(void) 1190 1185 { 1186 + #ifdef CONFIG_CRYPTO_SELFTESTS_FULL 1191 1187 migrate_disable(); 1192 1188 __this_cpu_write(crypto_simd_disabled_for_test, true); 1189 + #endif 1193 1190 } 1194 1191 1195 1192 static void crypto_reenable_simd_for_test(void) 1196 1193 { 1194 + #ifdef CONFIG_CRYPTO_SELFTESTS_FULL 1197 1195 __this_cpu_write(crypto_simd_disabled_for_test, false); 1198 1196 migrate_enable(); 1197 + #endif 1199 1198 } 1200 1199 1201 1200 /*

+4 -2

include/crypto/internal/simd.h

··· 44 44 * 45 45 * This delegates to may_use_simd(), except that this also returns false if SIMD 46 46 * in crypto code has been temporarily disabled on this CPU by the crypto 47 - * self-tests, in order to test the no-SIMD fallback code. 47 + * self-tests, in order to test the no-SIMD fallback code. This override is 48 + * currently limited to configurations where the "full" self-tests are enabled, 49 + * because it might be a bit too invasive to be part of the "fast" self-tests. 48 50 */ 49 - #ifdef CONFIG_CRYPTO_SELFTESTS 51 + #ifdef CONFIG_CRYPTO_SELFTESTS_FULL 50 52 DECLARE_PER_CPU(bool, crypto_simd_disabled_for_test); 51 53 #define crypto_simd_usable() \ 52 54 (may_use_simd() && !this_cpu_read(crypto_simd_disabled_for_test))

+1 -1

lib/crypto/Makefile

··· 62 62 63 63 obj-$(CONFIG_MPILIB) += mpi/ 64 64 65 - obj-$(CONFIG_CRYPTO_SELFTESTS) += simd.o 65 + obj-$(CONFIG_CRYPTO_SELFTESTS_FULL) += simd.o 66 66 67 67 obj-$(CONFIG_CRYPTO_LIB_SM3) += libsm3.o 68 68 libsm3-y := sm3.o