| Message ID | 20240321144433.1671394-1-stefanb@linux.ibm.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: ecdsa - Fix module auto-load on add-key | expand |
On Thu, Mar 21, 2024 at 10:44:33AM -0400, Stefan Berger wrote: > Add module alias with the algorithm cra_name similar to what we have for > RSA-related and other algorithms. > > The kernel attempts to modprobe asymmetric algorithms using the names > "crypto-$cra_name" and "crypto-$cra_name-all." However, since these > aliases are currently missing, the modules are not loaded. For instance, > when using the `add_key` function, the hash algorithm is typically > loaded automatically, but the asymmetric algorithm is not. > > Steps to test: > > 1. Create certificate > > openssl req -x509 -sha256 -newkey ec \ > -pkeyopt "ec_paramgen_curve:secp384r1" -keyout key.pem -days 365 \ > -subj '/CN=test' -nodes -outform der -out nist-p384.der > > 2. Optionally, trace module requests with: trace-cmd stream -e module & > > 3. Trigger add_key call for the cert: > > # keyctl padd asymmetric "" @u < nist-p384.der > 641069229 > # lsmod | head -2 > Module Size Used by > ecdsa_generic 16384 0 > > Fixes: c12d448ba939 ("crypto: ecdsa - Register NIST P384 and extend test suite") > Cc: stable@vger.kernel.org > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Vitaly Chikunov <vt@altlinux.org> > --- > crypto/ecdsa.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c > index fbd76498aba8..3f9ec273a121 100644 > --- a/crypto/ecdsa.c > +++ b/crypto/ecdsa.c > @@ -373,4 +373,7 @@ module_exit(ecdsa_exit); > MODULE_LICENSE("GPL"); > MODULE_AUTHOR("Stefan Berger <stefanb@linux.ibm.com>"); > MODULE_DESCRIPTION("ECDSA generic algorithm"); > +MODULE_ALIAS_CRYPTO("ecdsa-nist-p192"); > +MODULE_ALIAS_CRYPTO("ecdsa-nist-p256"); > +MODULE_ALIAS_CRYPTO("ecdsa-nist-p384"); > MODULE_ALIAS_CRYPTO("ecdsa-generic"); > -- > 2.43.0
On Thu, Mar 21, 2024 at 10:44:33AM -0400, Stefan Berger wrote: > Add module alias with the algorithm cra_name similar to what we have for > RSA-related and other algorithms. > > The kernel attempts to modprobe asymmetric algorithms using the names > "crypto-$cra_name" and "crypto-$cra_name-all." However, since these > aliases are currently missing, the modules are not loaded. For instance, > when using the `add_key` function, the hash algorithm is typically > loaded automatically, but the asymmetric algorithm is not. > > Steps to test: > > 1. Create certificate > > openssl req -x509 -sha256 -newkey ec \ > -pkeyopt "ec_paramgen_curve:secp384r1" -keyout key.pem -days 365 \ > -subj '/CN=test' -nodes -outform der -out nist-p384.der > > 2. Optionally, trace module requests with: trace-cmd stream -e module & > > 3. Trigger add_key call for the cert: > > # keyctl padd asymmetric "" @u < nist-p384.der > 641069229 > # lsmod | head -2 > Module Size Used by > ecdsa_generic 16384 0 > > Fixes: c12d448ba939 ("crypto: ecdsa - Register NIST P384 and extend test suite") > Cc: stable@vger.kernel.org > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > --- > crypto/ecdsa.c | 3 +++ > 1 file changed, 3 insertions(+) Patch applied. Thanks.
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index fbd76498aba8..3f9ec273a121 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -373,4 +373,7 @@ module_exit(ecdsa_exit); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Stefan Berger <stefanb@linux.ibm.com>"); MODULE_DESCRIPTION("ECDSA generic algorithm"); +MODULE_ALIAS_CRYPTO("ecdsa-nist-p192"); +MODULE_ALIAS_CRYPTO("ecdsa-nist-p256"); +MODULE_ALIAS_CRYPTO("ecdsa-nist-p384"); MODULE_ALIAS_CRYPTO("ecdsa-generic");
Add module alias with the algorithm cra_name similar to what we have for RSA-related and other algorithms. The kernel attempts to modprobe asymmetric algorithms using the names "crypto-$cra_name" and "crypto-$cra_name-all." However, since these aliases are currently missing, the modules are not loaded. For instance, when using the `add_key` function, the hash algorithm is typically loaded automatically, but the asymmetric algorithm is not. Steps to test: 1. Create certificate openssl req -x509 -sha256 -newkey ec \ -pkeyopt "ec_paramgen_curve:secp384r1" -keyout key.pem -days 365 \ -subj '/CN=test' -nodes -outform der -out nist-p384.der 2. Optionally, trace module requests with: trace-cmd stream -e module & 3. Trigger add_key call for the cert: # keyctl padd asymmetric "" @u < nist-p384.der 641069229 # lsmod | head -2 Module Size Used by ecdsa_generic 16384 0 Fixes: c12d448ba939 ("crypto: ecdsa - Register NIST P384 and extend test suite") Cc: stable@vger.kernel.org Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- crypto/ecdsa.c | 3 +++ 1 file changed, 3 insertions(+)