lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4632.1451799253@turing-police.cc.vt.edu>
Date:	Sun, 03 Jan 2016 00:34:13 -0500
From:	Valdis Kletnieks <Valdis.Kletnieks@...edu>
To:	Herbert Xu <herbert@...dor.apana.org.au>,
	"David S. Miller" <davem@...emloft.net>
Cc:	linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: next-20151231 - aes crypto algorithm went missing?

So booting into a next-20151222 kernel, I can mount an external drive
that uses cryptLuks.  I try -1231, and I get this failure:

Failed to setup dm-crypt key mapping for device /dev/sdb2.
Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog for more info).

Tracked it down to this difference in /proc/crypto between the 12/22 and 12/31:

diff -u crypto.1222 crypto.1231
--- crypto.1222 2016-01-03 00:16:28.912507156 -0500
+++ crypto.1231 2016-01-03 00:09:14.243081574 -0500
@@ -1,37 +1,8 @@
-name         : ecb(aes)
-driver       : ecb(aes-asm)
-module       : kernel
-priority     : 200
-refcnt       : 1
-selftest     : passed
-internal     : no
-type         : blkcipher
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 0
-geniv        : <default>
-
-name         : cbc(aes)
-driver       : cbc(aes-asm)
-module       : kernel
-priority     : 200
-refcnt       : 2
-selftest     : passed
-internal     : no
-type         : givcipher
-async        : no
-blocksize    : 16
-min keysize  : 16
-max keysize  : 32
-ivsize       : 16
-geniv        : eseqiv
-
 name         : ccm(aes)
 driver       : ccm_base(ctr(aes-asm),aes-asm)
 module       : kernel
 priority     : 200

Not seeing any obvious error messages about failed self-tests in dmesg output.

Not seeing a difference in .config that would explain it:

grep AES /boot/config-4.4.0-rc[67]*
/boot/config-4.4.0-rc6-next-20151222-dirty:CONFIG_CRYPTO_AES=y
/boot/config-4.4.0-rc6-next-20151222-dirty:CONFIG_CRYPTO_AES_X86_64=y
/boot/config-4.4.0-rc6-next-20151222-dirty:# CONFIG_CRYPTO_AES_NI_INTEL is not set
/boot/config-4.4.0-rc6-next-20151222-dirty:CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
/boot/config-4.4.0-rc6-next-20151222-dirty:CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
/boot/config-4.4.0-rc7-next-20151231-00006-gc66c8c42ba97:CONFIG_CRYPTO_AES=y
/boot/config-4.4.0-rc7-next-20151231-00006-gc66c8c42ba97:CONFIG_CRYPTO_AES_X86_64=y
/boot/config-4.4.0-rc7-next-20151231-00006-gc66c8c42ba97:# CONFIG_CRYPTO_AES_NI_INTEL is not set
/boot/config-4.4.0-rc7-next-20151231-00006-gc66c8c42ba97:CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
/boot/config-4.4.0-rc7-next-20151231-00006-gc66c8c42ba97:CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m

The module was built, and nothing's touched that source in a while:

[/usr/src/linux-next] find crypto/ -name '*aes*' -ls
  2104235     12 -rw-r--r--   1  source   source      11000 Jan  2 03:44 crypto/aes_generic.dwo
  2104241     32 -rw-r--r--   1  source   source      32645 Jan  2 03:44 crypto/.aes_generic.o.cmd
  2111768     64 -rw-r--r--   1  source   source      63440 Jan 20  2015 crypto/aes_generic.c
  2104179     56 -rw-r--r--   1  source   source      54664 Jan  2 03:44 crypto/aes_generic.o

This ringing any bells, before I start the New Year with a bisect? :)


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ