[PATCH 0/8] crypto: rng - Avoid boot failure with missing DRBG module

Hi:

Distros use an initramfs to boot the system.  The initramfs may
not contain all the modules that are normally present on the system.
This poses a problem to the new default DRBG because it may be
built as a module.  This isn't a problem itself since it is only
meant to be used by IV generators which are now explicit.  However,
as we still have legacy algorithms that are yet to be converted,
they will not be available unless DRBG is loaded first.

The upshot is that the system may fail to boot if DRBG isn't in
the initramfs and the system uses file system encryption for the
root file system.

This series avoids this issue by allowing legacy IV generators
to function even when an RNG is not available.  Only the givencrypt
functionality will be unavailable if the RNG is absent.

This change brings up a new problem.  Up until now the system
RNG has been held down by the instances of the IV generators.
This meant that it was never freed unless all IV generator instances
were removed from the system.

The new code only holds the RNG during algorithm initialisation.
So unless something was done the crypto system RNG would be freed
and allocated all the time which is not a good thing.

This series avoids this by only freeing the system RNG when the
admin requests it through the crypto_user interface.  A new command
DELRNG has been added for this purpose.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt