lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090827183500.GC24973@resivo.wgnet.de>
Date:	Thu, 27 Aug 2009 20:35:01 +0200
From:	Jonas Meurer <jonas@...esources.org>
To:	Randy Dunlap <randy.dunlap@...cle.com>, 541835@...s.debian.org
Cc:	Celejar <celejar@...il.com>, lkml <linux-kernel@...r.kernel.org>
Subject: Re: [pkg-cryptsetup-devel] Bug#541835: crypto configuration /
 dependencies broken

hey,

On 27/08/2009 Randy Dunlap wrote:
> On Tue, 25 Aug 2009 19:58:52 -0400 Celejar wrote:
> 
> > I'm having a pretty bizarre problem with my kernel crypto
> > configuration.  I need support for a bog standard LUKS (aes /
> > cbc-essiv:sha256) / cryptsetup installation, but even after I enable
> > virtually everything in the crypto section of the kernel configs, cbc
> > fails to load.  All the relevant modules are exist (dm-mod, dm-crypt,
> > crypto_blkcipher, crypto_algapi, crypto_hash, aes_generic,
> > sha256_generic), but even after modprobing / insmoding
> > everything, /proc/crypto shows that aes and sha is there, but not cbc.
> > 
> > The problem has been reproduced (using my kernel config) by Jonas
> > Meurer, the Debian cryptsetup maintainer, so it's not just me ;).
> > We've tried numerous different kernel versions in the .30 / .31 range.
> > 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541835
> > 
> > Does this mean that something else somewhere in the kernel needs to be
> > configured but isn't, and the necessary dependency isn't properly
> > declared?
> > 
> > My config is at:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=45;filename=config-2.6.31-rc6-lizzie-00042-gb2add73;att=1;bug=541835
> > 
> > [I'm not subscribed to lkml; please cc me on responses]
> 
> 
> You could try/test a patch that was just posted:
>   http://lkml.org/lkml/2009/8/27/249

that patch seems to be for ecryptfs only, while Celejar uses dm-crypt.
second, the patch just ensures that CRYPTO_ECB and CRYPTO_CBC are
selected along with ECRYPT_FS. but Celejar does have both CRYPTO_ECB and
CRYPTO_CBC selected.

the problem rather is that loading the cbc blockcipher module simply
does nothing. the module is listed in /proc/modules, but the blockcipher
is still missing from /proc/crypto.

the problem is not reproducible with a debian/unstable 2.6.30.6 kernel,
even though it has cbc compiled as module as well. but if I recompile
the same kernel sources with Celejars kernel .config, the problem
occurs. thus it must be related to the kernel config in some way.

greetings,
 jonas



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ