From: Nicolai Stange <nstange@suse.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Nicolai Stange" <nstange@suse.de>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
"Stephan Müller" <smueller@chronox.de>,
"Torsten Duwe" <duwe@suse.de>
Subject: Re: [PATCH 8/8] crypto: api - make the algorithm lookup priorize non-larvals
Date: Wed, 27 Oct 2021 11:59:26 +0200 [thread overview]
Message-ID: <87zgqupz41.fsf@suse.de> (raw)
In-Reply-To: <20211022115146.GA27997@gondor.apana.org.au> (Herbert Xu's message of "Fri, 22 Oct 2021 19:51:46 +0800")
Herbert Xu <herbert@gondor.apana.org.au> writes:
> On Mon, Oct 11, 2021 at 10:34:11AM +0200, Nicolai Stange wrote:
>>
>> In order to keep a FIPS certification manageable in terms of scope,
>> we're looking for a way to disable everything under drivers/crypto iff
>> fips_enabled == 1. The most convenient way to achieve this downstream
>> would be to add dummy entries to testmgr.c like so:
>
> How about testing based on the flag CRYPTO_ALG_KERN_DRIVER_ONLY?
> That flag is meant to correspond to pretty much exactly
> drivers/crypto.
Hmm, I checked a couple of crypto/drivers and it seems like not all are
setting this flag: random examples would include cavium/nitrox/,
chelsio/, padlock*.c, vmx/, ...
Many thanks!
Nicolai
--
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg), GF: Felix Imendörffer
next prev parent reply other threads:[~2021-10-27 10:00 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-03 18:14 [PATCH 0/8] crypto: api - priorize tested algorithms in lookup Nicolai Stange
2021-10-03 18:14 ` [PATCH 1/8] crypto: af_alg - reject requests for untested algorithms Nicolai Stange
2021-10-03 18:14 ` [PATCH 2/8] crypto: user " Nicolai Stange
2021-10-03 18:14 ` [PATCH 3/8] crypto: api - only support lookups for specific CRYPTO_ALG_TESTED status Nicolai Stange
2021-10-03 18:14 ` [PATCH 4/8] crypto: api - don't add larvals for !(type & CRYPTO_ALG_TESTED) lookups Nicolai Stange
2021-10-03 18:14 ` [PATCH 5/8] crypto: api - always set CRYPTO_ALG_TESTED in lookup larvals' ->mask/type Nicolai Stange
2021-10-03 18:14 ` [PATCH 6/8] crypto: api - make crypto_alg_lookup() consistently check for failed algos Nicolai Stange
2021-10-03 18:14 ` [PATCH 7/8] crypto: api - lift common mask + type adjustment to crypto_larval_lookup() Nicolai Stange
2021-10-03 18:14 ` [PATCH 8/8] crypto: api - make the algorithm lookup priorize non-larvals Nicolai Stange
2021-10-08 11:54 ` Herbert Xu
2021-10-11 8:34 ` Nicolai Stange
2021-10-22 11:51 ` Herbert Xu
2021-10-27 9:59 ` Nicolai Stange [this message]
2021-10-28 2:42 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zgqupz41.fsf@suse.de \
--to=nstange@suse.de \
--cc=davem@davemloft.net \
--cc=duwe@suse.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.