RE: [PATCH] crypto: jitterentropy - change back to module_init()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,
 
The patch quoted below causes the kernel to panic when fips is enabled with:
        
       alg: ecdh: test failed on vector 2, err=-14
       Kernel panic - not syncing: alg: self-tests for ecdh-generic (ecdh) failed in fips mode!
 
This test fails because jitterentropy hasn’t been initialized yet. The assumption that the patch makes, that jitter is not used by the crypto self-tests, does not hold with fips enabled.
 
With the patch reverted, i.e. with jitter initialized with module_init, the kernel is able to boot. How can this best be handled to allow the kernel to boot with fips enabled without running into issues with certain clocksources?
 
Best, 
Hailey
 
>From 9c5b34c2f7eb01976a5aa29ccdb786a634e3d1e0 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@xxxxxxxxxx>
Date: Tue, 21 May 2019 11:46:22 -0700
Subject: [PATCH] crypto: jitterentropy - change back to module_init()
 
"jitterentropy_rng" doesn't have any other implementations, nor is it
tested by the crypto self-tests.  So it was unnecessary to change it to
subsys_initcall.  Also it depends on the main clocksource being
initialized, which may happen after subsys_initcall, causing this error:
 
    jitterentropy: Initialization failed with host not compliant with requirements: 2
 
Change it back to module_init().
 
Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
Reported-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Tested-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
crypto/jitterentropy-kcapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
 
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 6ea1a270b8dc..787dccca3715 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -198,7 +198,7 @@ static void __exit jent_mod_exit(void)
               crypto_unregister_rng(&jent_alg);
}
-subsys_initcall(jent_mod_init);
+module_init(jent_mod_init);
module_exit(jent_mod_exit);
 MODULE_LICENSE("Dual BSD/GPL");
-- 
2.16.6
 





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux