lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090831155200.GD7678@resivo.wgnet.de>
Date:	Mon, 31 Aug 2009 17:52:00 +0200
From:	Jonas Meurer <jonas@...esources.org>
To:	Sebastian Andrzej Siewior <sebastian@...breakpoint.cc>
Cc:	Celejar <celejar@...il.com>,
	Randy Dunlap <randy.dunlap@...cle.com>, 541835@...s.debian.org,
	lkml <linux-kernel@...r.kernel.org>, linux-crypto@...r.kernel.org
Subject: Re: [pkg-cryptsetup-devel] Bug#541835: crypto configuration /
 dependencies broken

hey,

On 30/08/2009 Sebastian Andrzej Siewior wrote:
> * Sebastian Andrzej Siewior | 2009-08-28 10:00:56 [+0200]:
> 
> >>> the problem is not reproducible with a debian/unstable 2.6.30.6 kernel,
> >>> even though it has cbc compiled as module as well. but if I recompile
> >>> the same kernel sources with Celejars kernel .config, the problem
> >>> occurs. thus it must be related to the kernel config in some way.
> >It must be the kernel confing since I run .30.stable and it works. I try
> >to look at it later.
> 
> Your kernel config is fine, the problem is that the initramfs tools do
> not copy all of the required modules into the initramfs. The missing
> modles are:
> - cryptomgr: that one is responsible to load the cbc and aes module and
>   bind them to cbc(aes)
> - chainiv: that one creates IVs if the "user" does not specify one.
>   dm-crypt probably does not use that one but is required due to the way
>   crypto works atm.
> - krng: provides random numbers and is required by chainiv.
> 
> If you add those three to /etc/initramfs/modules than it should work.
> 
> Could someone please look at initramfs to figure out why those three
> modules are not copied in this reduced setup?

the reason is simply that no other crypto modules define depends on the
listed ones:

# modinfo -F depends dm-crypt
dm-mod,crypto_blkcipher

# modinfo -F aes_generic sha256_generic cbc
crypto_algapi
crypto_hash
crypto_algapi,crypto_blkcipher

# modinfo -F crypto_blkcipher crypto_hash
crypto_algapi
crypto_algapi

and even the new modules don't depend on each other:

# modinfo -F cryptomgr
crypto_hash,crypto_algapi,crypto_blkcipher,aead,pcompress

# modinfo -F chainiv
crypto_algapi,rng,crypto_wq,crypto_blkcipher

# modinfo -F krng
rng,crypto_algapi

so the following depends should be added/changed:

- chainiv should depend o 'krng' instead of 'rng' at least
- maybe cipher modules like aes,serpent,... should depend on 'cryptomgr'
  instead of 'crypto_algapi'
- crypto_algapi should depend on chainiv

these changes are pure guesses, i don't know the details. but at least
additional depends need to be defined for crypto modules, don't you
think so?

greetings,
 jonas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ