Re: [PATCH] crypto: jitterentropy - change back to module_init()

On Mon, Apr 19, 2021 at 04:16:13AM +0000, Mothershead, Hailey wrote:
> Hello,
>  
> The patch quoted below causes the kernel to panic when fips is enabled with:
>         
>        alg: ecdh: test failed on vector 2, err=-14
>        Kernel panic - not syncing: alg: self-tests for ecdh-generic (ecdh) failed in fips mode!
>  
> This test fails because jitterentropy hasn’t been initialized yet. The assumption that the patch makes, that jitter is not used by the crypto self-tests, does not hold with fips enabled.
>  
> With the patch reverted, i.e. with jitter initialized with module_init, the kernel is able to boot. How can this best be handled to allow the kernel to boot with fips enabled without running into issues with certain clocksources?
>  
> Best, 
> Hailey

I'd recommend looking into why the self-tests would be calling into
jitterentropy in the first place.  That shouldn't be necessary; it doesn't make
sense for known-answer tests to be consuming random numbers.

- Eric


