* [PATCH] crypto: jitterentropy - change back to module_init()
2019-05-21 18:34 crypto: run initcalls for generic implementations earlier Eric Biggers
@ 2019-05-21 18:46 ` Eric Biggers
0 siblings, 0 replies; 8+ messages in thread
From: Eric Biggers @ 2019-05-21 18:46 UTC (permalink / raw
To: linux-crypto, Herbert Xu
Cc: Geert Uytterhoeven, Thomas Gleixner, Daniel Lezcano,
Linux Kernel Mailing List, Linux-Renesas, Linux ARM
From: Eric Biggers <ebiggers@google.com>
"jitterentropy_rng" doesn't have any other implementations, nor is it
tested by the crypto self-tests. So it was unnecessary to change it to
subsys_initcall. Also it depends on the main clocksource being
initialized, which may happen after subsys_initcall, causing this error:
jitterentropy: Initialization failed with host not compliant with requirements: 2
Change it back to module_init().
Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
crypto/jitterentropy-kcapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 6ea1a270b8dc2..787dccca37159 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -198,7 +198,7 @@ static void __exit jent_mod_exit(void)
crypto_unregister_rng(&jent_alg);
}
-subsys_initcall(jent_mod_init);
+module_init(jent_mod_init);
module_exit(jent_mod_exit);
MODULE_LICENSE("Dual BSD/GPL");
--
2.21.0.1020.gf2820cf01a-goog
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH] crypto: jitterentropy - change back to module_init()
@ 2019-05-21 18:46 ` Eric Biggers
0 siblings, 0 replies; 8+ messages in thread
From: Eric Biggers @ 2019-05-21 18:46 UTC (permalink / raw
To: linux-crypto, Herbert Xu
Cc: Daniel Lezcano, Linux Kernel Mailing List, Linux-Renesas,
Geert Uytterhoeven, Thomas Gleixner, Linux ARM
From: Eric Biggers <ebiggers@google.com>
"jitterentropy_rng" doesn't have any other implementations, nor is it
tested by the crypto self-tests. So it was unnecessary to change it to
subsys_initcall. Also it depends on the main clocksource being
initialized, which may happen after subsys_initcall, causing this error:
jitterentropy: Initialization failed with host not compliant with requirements: 2
Change it back to module_init().
Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
crypto/jitterentropy-kcapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 6ea1a270b8dc2..787dccca37159 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -198,7 +198,7 @@ static void __exit jent_mod_exit(void)
crypto_unregister_rng(&jent_alg);
}
-subsys_initcall(jent_mod_init);
+module_init(jent_mod_init);
module_exit(jent_mod_exit);
MODULE_LICENSE("Dual BSD/GPL");
--
2.21.0.1020.gf2820cf01a-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] crypto: jitterentropy - change back to module_init()
2019-05-21 18:46 ` Eric Biggers
@ 2019-05-22 7:21 ` Geert Uytterhoeven
-1 siblings, 0 replies; 8+ messages in thread
From: Geert Uytterhoeven @ 2019-05-22 7:21 UTC (permalink / raw
To: Eric Biggers
Cc: Linux Crypto Mailing List, Herbert Xu, Thomas Gleixner,
Daniel Lezcano, Linux Kernel Mailing List, Linux-Renesas,
Linux ARM
On Tue, May 21, 2019 at 8:46 PM Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> "jitterentropy_rng" doesn't have any other implementations, nor is it
> tested by the crypto self-tests. So it was unnecessary to change it to
> subsys_initcall. Also it depends on the main clocksource being
> initialized, which may happen after subsys_initcall, causing this error:
>
> jitterentropy: Initialization failed with host not compliant with requirements: 2
>
> Change it back to module_init().
>
> Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] crypto: jitterentropy - change back to module_init()
@ 2019-05-22 7:21 ` Geert Uytterhoeven
0 siblings, 0 replies; 8+ messages in thread
From: Geert Uytterhoeven @ 2019-05-22 7:21 UTC (permalink / raw
To: Eric Biggers
Cc: Herbert Xu, Daniel Lezcano, Linux Kernel Mailing List,
Linux-Renesas, Linux Crypto Mailing List, Thomas Gleixner,
Linux ARM
On Tue, May 21, 2019 at 8:46 PM Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> "jitterentropy_rng" doesn't have any other implementations, nor is it
> tested by the crypto self-tests. So it was unnecessary to change it to
> subsys_initcall. Also it depends on the main clocksource being
> initialized, which may happen after subsys_initcall, causing this error:
>
> jitterentropy: Initialization failed with host not compliant with requirements: 2
>
> Change it back to module_init().
>
> Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] crypto: jitterentropy - change back to module_init()
2019-05-21 18:46 ` Eric Biggers
@ 2019-05-30 13:42 ` Herbert Xu
-1 siblings, 0 replies; 8+ messages in thread
From: Herbert Xu @ 2019-05-30 13:42 UTC (permalink / raw
To: Eric Biggers
Cc: linux-crypto, Geert Uytterhoeven, Thomas Gleixner, Daniel Lezcano,
Linux Kernel Mailing List, Linux-Renesas, Linux ARM
On Tue, May 21, 2019 at 11:46:22AM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> "jitterentropy_rng" doesn't have any other implementations, nor is it
> tested by the crypto self-tests. So it was unnecessary to change it to
> subsys_initcall. Also it depends on the main clocksource being
> initialized, which may happen after subsys_initcall, causing this error:
>
> jitterentropy: Initialization failed with host not compliant with requirements: 2
>
> Change it back to module_init().
>
> Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
> crypto/jitterentropy-kcapi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] crypto: jitterentropy - change back to module_init()
@ 2019-05-30 13:42 ` Herbert Xu
0 siblings, 0 replies; 8+ messages in thread
From: Herbert Xu @ 2019-05-30 13:42 UTC (permalink / raw
To: Eric Biggers
Cc: Daniel Lezcano, Linux Kernel Mailing List, Linux-Renesas,
Geert Uytterhoeven, linux-crypto, Thomas Gleixner, Linux ARM
On Tue, May 21, 2019 at 11:46:22AM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> "jitterentropy_rng" doesn't have any other implementations, nor is it
> tested by the crypto self-tests. So it was unnecessary to change it to
> subsys_initcall. Also it depends on the main clocksource being
> initialized, which may happen after subsys_initcall, causing this error:
>
> jitterentropy: Initialization failed with host not compliant with requirements: 2
>
> Change it back to module_init().
>
> Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
> crypto/jitterentropy-kcapi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [PATCH] crypto: jitterentropy - change back to module_init()
[not found] ` <5289E5EC-C15F-44EB-BC5F-C5A515FFF272@amazon.com>
@ 2021-04-19 4:16 ` Mothershead, Hailey
2021-04-19 19:57 ` Eric Biggers
0 siblings, 1 reply; 8+ messages in thread
From: Mothershead, Hailey @ 2021-04-19 4:16 UTC (permalink / raw
To: linux-crypto@vger.kernel.org
Hello,
The patch quoted below causes the kernel to panic when fips is enabled with:
alg: ecdh: test failed on vector 2, err=-14
Kernel panic - not syncing: alg: self-tests for ecdh-generic (ecdh) failed in fips mode!
This test fails because jitterentropy hasn’t been initialized yet. The assumption that the patch makes, that jitter is not used by the crypto self-tests, does not hold with fips enabled.
With the patch reverted, i.e. with jitter initialized with module_init, the kernel is able to boot. How can this best be handled to allow the kernel to boot with fips enabled without running into issues with certain clocksources?
Best,
Hailey
From 9c5b34c2f7eb01976a5aa29ccdb786a634e3d1e0 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Tue, 21 May 2019 11:46:22 -0700
Subject: [PATCH] crypto: jitterentropy - change back to module_init()
"jitterentropy_rng" doesn't have any other implementations, nor is it
tested by the crypto self-tests. So it was unnecessary to change it to
subsys_initcall. Also it depends on the main clocksource being
initialized, which may happen after subsys_initcall, causing this error:
jitterentropy: Initialization failed with host not compliant with requirements: 2
Change it back to module_init().
Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
crypto/jitterentropy-kcapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 6ea1a270b8dc..787dccca3715 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -198,7 +198,7 @@ static void __exit jent_mod_exit(void)
crypto_unregister_rng(&jent_alg);
}
-subsys_initcall(jent_mod_init);
+module_init(jent_mod_init);
module_exit(jent_mod_exit);
MODULE_LICENSE("Dual BSD/GPL");
--
2.16.6
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] crypto: jitterentropy - change back to module_init()
2021-04-19 4:16 ` [PATCH] crypto: jitterentropy - change back to module_init() Mothershead, Hailey
@ 2021-04-19 19:57 ` Eric Biggers
0 siblings, 0 replies; 8+ messages in thread
From: Eric Biggers @ 2021-04-19 19:57 UTC (permalink / raw
To: Mothershead, Hailey; +Cc: linux-crypto@vger.kernel.org
On Mon, Apr 19, 2021 at 04:16:13AM +0000, Mothershead, Hailey wrote:
> Hello,
>
> The patch quoted below causes the kernel to panic when fips is enabled with:
>
> alg: ecdh: test failed on vector 2, err=-14
> Kernel panic - not syncing: alg: self-tests for ecdh-generic (ecdh) failed in fips mode!
>
> This test fails because jitterentropy hasn’t been initialized yet. The assumption that the patch makes, that jitter is not used by the crypto self-tests, does not hold with fips enabled.
>
> With the patch reverted, i.e. with jitter initialized with module_init, the kernel is able to boot. How can this best be handled to allow the kernel to boot with fips enabled without running into issues with certain clocksources?
>
> Best,
> Hailey
I'd recommend looking into why the self-tests would be calling into
jitterentropy in the first place. That shouldn't be necessary; it doesn't make
sense for known-answer tests to be consuming random numbers.
- Eric
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-04-19 19:57 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <9A0645BD-E7B0-4A7B-BB8F-80C5616502FE@amazon.com>
[not found] ` <5289E5EC-C15F-44EB-BC5F-C5A515FFF272@amazon.com>
2021-04-19 4:16 ` [PATCH] crypto: jitterentropy - change back to module_init() Mothershead, Hailey
2021-04-19 19:57 ` Eric Biggers
2019-05-21 18:34 crypto: run initcalls for generic implementations earlier Eric Biggers
2019-05-21 18:46 ` [PATCH] crypto: jitterentropy - change back to module_init() Eric Biggers
2019-05-21 18:46 ` Eric Biggers
2019-05-22 7:21 ` Geert Uytterhoeven
2019-05-22 7:21 ` Geert Uytterhoeven
2019-05-30 13:42 ` Herbert Xu
2019-05-30 13:42 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.