Re: FIPS mode: modprobe: ERROR: could not insert 'drbg'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Stephan,

Thanks. I have already tried that. ‘drbg’ module is loaded fine in a
non-fips mode. Here are output from some commands.

I see that at some point you had a patch to use CONFIG_CRYPTO_LRNG. I am
not using that, could that be a problem ?

-Tapas


[root@localhost ~]# modprobe drbg
[root@localhost ~]# echo $?
0

[root@localhost ~]# dmesg | tail -5
[    3.636174] nf_conntrack version 0.5.0 (7168 buckets, 28672 max)
[    3.738645] NET: Registered protocol family 10
[    3.743004] ip6_tables: (C) 2000-2006 Netfilter Core Team
[    3.773384] input: ImExPS/2 BYD TouchPad as
/devices/platform/i8042/serio1/input/input3
[    3.776803] mousedev: PS/2 mouse device common for all mice

[root@localhost ~]# lsmod | grep drbg
drbg                   14147  1

[root@localhost ~]# modinfo drbg
filename:       /lib/modules/4.7.0-1.tos2_5/kernel/crypto/drbg.ko.gz
alias:          crypto-stdrng
alias:          stdrng
description:    NIST SP800-90A Deterministic Random Bit Generator (DRBG)
using following cores: HMAC
author:         Stephan Mueller <smueller@xxxxxxxxxx>
license:        GPL
alias:          crypto-drbg_nopr_hmac_sha1
alias:          drbg_nopr_hmac_sha1
alias:          crypto-drbg_pr_hmac_sha1
alias:          drbg_pr_hmac_sha1
alias:          crypto-drbg_nopr_hmac_sha256
alias:          drbg_nopr_hmac_sha256
alias:          crypto-drbg_pr_hmac_sha256
alias:          drbg_pr_hmac_sha256
alias:          crypto-drbg_nopr_hmac_sha384
alias:          drbg_nopr_hmac_sha384
alias:          crypto-drbg_pr_hmac_sha384
alias:          drbg_pr_hmac_sha384
alias:          crypto-drbg_nopr_hmac_sha512
alias:          drbg_nopr_hmac_sha512
alias:          crypto-drbg_pr_hmac_sha512
alias:          drbg_pr_hmac_sha512
depends:
intree:         Y
vermagic:       4.7.0-1.tos2_5 SMP mod_unload modversions







On 8/9/16, 12:05 PM, "Stephan Mueller" <smueller@xxxxxxxxxx> wrote:

>Am Dienstag, 9. August 2016, 16:34:59 CEST schrieb Tapas Sarangi:
>
>Hi Tapas,
>
>> Hi Stephan,
>>
>> Following up from the other thread:
>>
>> While trying to boot in FIPS mode, kernel panics with the following
>> message. So far, I don¹t have success to get more information about
>>which
>> module or symbol is causing this. I haven¹t found any errors or warnings
>> in kernel compilation. It boots fine in a non-fips mode.
>>
>> I am also pasting the CRYPTO related configs that I have enabled (See
>> below).
>
>I do not see the issue immediately. Could you boot without fips=1 and do
>a
>modprobe drbg ?
>
>I am also testing fips=1 now.
>
>Ciao
>Stephan


________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
ÿ淸º{.nÇ+돴윯돪†+%듚ÿ깁負¥Šwÿº{.nÇ+돴¥Š{깰敢┾ÿŠ{ayºÊ뉅숇,j?f"·hš륅곴ÿ묎çz_溫(?šŽ듶¢j"얎¶m§ÿÿ¾?G«앶ÿ◀?솳鈺Ú&x§~뤳




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux