Skip to content

Commit bdbd11e

Browse files
ravulapxYogaraj-Alamenda
ravulapx
authored and
Yogaraj-Alamenda
committed
Fixed aes-cbc-hmac-sha testapp insecure algo issue
Signed-off-by: Tirupatigopi Ravulapalli <ravulapallix.tirupatigopi@intel.com>
1 parent dbad663 commit bdbd11e

File tree

3 files changed

+37
-22
lines changed

3 files changed

+37
-22
lines changed

test/tests.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,6 +82,7 @@ static int no_of_inst = 0;
8282
static int qat_keep_polling = 0;
8383
pthread_t *testapp_polling_threads;
8484
pthread_t *testapp_heartbeat_threads;
85+
int insecure_algorithms_enabled = 0;
8586

8687
char *sw_algo_bitmap = NULL;
8788
char *hw_algo_bitmap = NULL;

test/tests.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,8 @@
4444
#include <openssl/provider.h>
4545
#endif
4646

47+
extern int insecure_algorithms_enabled;
48+
4749
enum {
4850
R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_8192,
4951
R_RSA_7680, R_RSA_15360, RSA_NUM

test/tests_aes_cbc_hmac_sha.c

Lines changed: 34 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1133,6 +1133,9 @@ static int run_aes_cbc_hmac_sha(void *pointer)
11331133
for (i = 0; i < ntls; i++) {
11341134
ti.tls = (tls_v *)&test_tls[i];
11351135
#ifdef QAT_OPENSSL_PROVIDER
1136+
# ifdef QAT_INSECURE_ALGO
1137+
insecure_algorithms_enabled = 1;
1138+
# endif
11361139
if (
11371140
/*
11381141
* Running the test with SW implementation to check if
@@ -1142,28 +1145,37 @@ static int run_aes_cbc_hmac_sha(void *pointer)
11421145
(test_auth_header(&ti, USE_SW) != 1) ||
11431146
(test_auth_pkt(&ti, USE_SW) != 1) ||
11441147
(
1145-
/*
1146-
* Perform these tests only if engine
1147-
* is present.
1148-
*/
1149-
(test_encrypted_buffer(&ti) != 1) ||
1150-
(test_no_hmac_key_set(&ti) != 1) ||
1151-
(test_crypto_op(&ti, USE_ENGINE, USE_SW) != 1) ||
1152-
(test_crypto_op(&ti, USE_SW, USE_ENGINE) != 1) ||
1153-
(test_crypto_op(&ti, USE_ENGINE, USE_ENGINE) != 1) ||
1154-
(test_auth_header(&ti, USE_ENGINE) != 1) ||
1155-
(test_auth_pkt(&ti, USE_ENGINE) != 1) ||
1156-
(test_multi_op(&ti) != 1)
1157-
/*
1158-
* 1. cipher pipeline feature is not support in
1159-
* qatprovider due to limitation.
1160-
* 2. small package offloading is support in qat-
1161-
* provider, but there's no relevant API to set
1162-
* threshold in OpenSSL 3.0, so this testcase is
1163-
* also deactiaved.
1164-
*/
1165-
)
1166-
) {
1148+
/*
1149+
* Perform these tests only if engine is present.
1150+
*
1151+
* When QAT insecure algorithms are disabled, AES128_CBC_HMAC_SHA256
1152+
* implementation uses only OpenSSL.
1153+
*
1154+
* USE_SW refers OpenSSL implementation.
1155+
* USE_ENGINE refers QAT_Engine implementation.
1156+
*/
1157+
(insecure_algorithms_enabled ||
1158+
args->type != TEST_AES128_CBC_HMAC_SHA256) &&
1159+
(
1160+
(test_encrypted_buffer(&ti) != 1) ||
1161+
(test_no_hmac_key_set(&ti) != 1) ||
1162+
(test_crypto_op(&ti, USE_ENGINE, USE_SW) != 1) ||
1163+
(test_crypto_op(&ti, USE_SW, USE_ENGINE) != 1) ||
1164+
(test_crypto_op(&ti, USE_ENGINE, USE_ENGINE) != 1) ||
1165+
(test_auth_header(&ti, USE_ENGINE) != 1) ||
1166+
(test_auth_pkt(&ti, USE_ENGINE) != 1)
1167+
)
1168+
) ||
1169+
(test_multi_op(&ti) != 1)
1170+
/*
1171+
* 1. cipher pipeline feature is not support in
1172+
* qatprovider due to limitation.
1173+
* 2. small package offloading is support in qat-
1174+
* provider, but there's no relevant API to set
1175+
* threshold in OpenSSL 3.0, so this testcase is
1176+
* also deactiaved.
1177+
*/
1178+
) {
11671179
#else
11681180
if (
11691181
/*

0 commit comments

Comments
 (0)