From: Krzysztof Halasa Subject: Re: Crypto test results unused? Date: Tue, 12 Jan 2010 18:55:07 +0100 Message-ID: References: <20100112111439.GA31504@gondor.apana.org.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org To: Herbert Xu Return-path: Received: from khc.piap.pl ([195.187.100.11]:33570 "EHLO khc.piap.pl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932067Ab0ALRzL (ORCPT ); Tue, 12 Jan 2010 12:55:11 -0500 In-Reply-To: <20100112111439.GA31504@gondor.apana.org.au> (Herbert Xu's message of "Tue, 12 Jan 2010 22:14:39 +1100") Sender: linux-crypto-owner@vger.kernel.org List-ID: Herbert Xu writes: >> On little-endian IXP4xx 3 hardware-assisted algorithms fail (due to >> apparently unrelated bug which I will take care of). It seems the kernel >> is still using these failing algorithms (my debugging code adds extra >> fields to the /proc output): > > How did you determine that it was still being used? When a kernel > user requests for an algorithm the system is supposed to skip > anything which failed the self-test. cat /proc/crypto shows "selftest: unknown" for those failed tests. I don't know if that means it's used, but I'd expect "failed" or something like that. Maybe it's simply a problem in /proc/crypto output. > CRYPTO_ALG_DEAD is used to mark algorithms deleted from the > system. However, we don't delete algorithms just because they > fail the self-test. They remain in the system so you can come > back and diagnose the problem. They just aren't used by anyone. Great. Currently the /proc/crypto contains: - for passed tests: "selftest: passed" (which is of course right) - for failed tests: "selftest: unknown" (which is a surprise for me): alg: skcipher: Test 1 failed on encryption for ecb(des)-ixp4xx 00000000: 01 23 45 67 89 ab cd e7 name : ecb(des) driver : ecb(des)-ixp4xx module : ixp4xx_crypto priority : 300 refcnt : 1 selftest : unknown type : ablkcipher async : yes blocksize : 8 min keysize : 8 max keysize : 8 ivsize : 0 geniv : - for routines without a test: "selftest: passed" (which isn't true either) alg: No test for authenc(hmac(md5),cbc(des)) (authenc(hmac(md5),cbc(des))-ixp4xx) name : authenc(hmac(md5),cbc(des)) driver : authenc(hmac(md5),cbc(des))-ixp4xx module : ixp4xx_crypto priority : 300 refcnt : 1 selftest : passed type : aead async : yes blocksize : 8 ivsize : 8 maxauthsize : 16 geniv : I think we need a way to differentiate between "really unknown" and "failed", do we need another flag for it? -- Krzysztof Halasa