| Message ID | 304ee0376383d9ceecddbfd216c035215bbff861.camel@chronox.de (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: DRBG - select SHA512 | expand |
> On 30-Jun-2021, at 4:02 PM, Stephan Mueller <smueller@chronox.de> wrote: > > With the swtich to use HMAC(SHA-512) as the default DRBG type, the > configuration must now also select SHA-512. > > Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default > DRBG" > Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> > Signed-off-by: Stephan Mueller <smueller@chronox.com> > --- Thanks Stephan. This patch fixes the reported problem. Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com> -Sachin
Stephan Mueller <smueller@chronox.de> wrote: > With the swtich to use HMAC(SHA-512) as the default DRBG type, the > configuration must now also select SHA-512. > > Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default > DRBG" > Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> > Signed-off-by: Stephan Mueller <smueller@chronox.com> > --- > crypto/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Patch applied. Thanks.
On Fri, Jul 16, 2021 at 04:14:12PM +0800, Herbert Xu wrote: > Stephan Mueller <smueller@chronox.de> wrote: > > With the swtich to use HMAC(SHA-512) as the default DRBG type, the > > configuration must now also select SHA-512. > > > > Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default > > DRBG" > > Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> > > Signed-off-by: Stephan Mueller <smueller@chronox.com> > > --- > > crypto/Kconfig | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > Patch applied. Thanks. Is that patch going to Linus anytime soon? I still see it on latest rc5+: DRBG: could not allocate digest TFM handle: hmac(sha512) alg: drbg: Failed to reset rng alg: drbg: Test 0 failed for drbg_nopr_hmac_sha512 ------------[ cut here ]------------ alg: self-tests for drbg_nopr_hmac_sha512 (stdrng) failed (rc=-22) WARNING: CPU: 3 PID: 76 at crypto/testmgr.c:5652 alg_test.part.0+0x132/0x3c0 Modules linked in: CPU: 3 PID: 76 Comm: cryptomgr_test Not tainted 5.14.0-rc5+ #1 Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET86WW (2.06 ) 11/13/2012 RIP: 0010:alg_test.part.0+0x132/0x3c0 Code: c0 74 2e 80 3d 7f 61 ad 02 00 0f 85 c0 64 5f 00 44 89 c1 4c 89 f2 4c 89 ee 44 89 44 24 04 48 c7 c7 f8 0a 11 82 e8 8c 57 5e 00 <0f> 0b 44 8b 44 24 04 48 8b 84 24 98 00 00 00 65 48 2b 04 25 28 00 RSP: 0000:ffffc9000078fe38 EFLAGS: 00010292 RAX: 0000000000000042 RBX: 00000000ffffffff RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffffffff810f520f RDI: ffffffff810f520f RBP: 0000000000000053 R08: 0000000000000001 R09: 0000000000000001 R10: ffff888219df9000 R11: 3fffffffffffffff R12: 0000000000000053 R13: ffff888100c0ee00 R14: ffff888100c0ee80 R15: 00000000000014c0 FS: 0000000000000000(0000) GS:ffff888211f80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002412001 CR4: 00000000001706e0 Call Trace: ? lock_is_held_type+0xd5/0x130 ? find_held_lock+0x2b/0x80 ? preempt_count_sub+0x9b/0xd0 ? crypto_acomp_scomp_free_ctx+0x30/0x30 cryptomgr_test+0x27/0x50 kthread+0x144/0x170 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x22/0x30 irq event stamp: 411 hardirqs last enabled at (419): [<ffffffff810f6972>] console_unlock+0x332/0x570 hardirqs last disabled at (426): [<ffffffff810f6a1f>] console_unlock+0x3df/0x570 softirqs last enabled at (234): [<ffffffff81c00329>] __do_softirq+0x329/0x496 softirqs last disabled at (151): [<ffffffff8108248d>] irq_exit_rcu+0xdd/0x130 ---[ end trace edfdfd51982deb2d ]---
On Sat, Aug 14, 2021 at 06:23:26PM +0200, Borislav Petkov wrote: > On Fri, Jul 16, 2021 at 04:14:12PM +0800, Herbert Xu wrote: > > Stephan Mueller <smueller@chronox.de> wrote: > > > With the swtich to use HMAC(SHA-512) as the default DRBG type, the > > > configuration must now also select SHA-512. > > > > > > Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default > > > DRBG" > > > Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> > > > Signed-off-by: Stephan Mueller <smueller@chronox.com> > > > --- > > > crypto/Kconfig | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > Patch applied. Thanks. > > Is that patch going to Linus anytime soon? > > I still see it on latest rc5+: I'll push it up this week. Thanks,
On Mon, Aug 16, 2021 at 04:45:14AM +0200, Christophe Leroy wrote: > > The fixes tag has a problem it seems. Should be corrected before pushing. It's too late for that. This commit is at the base of many other subsequent changes. Cheers,
Herbert Xu <herbert@gondor.apana.org.au> a écrit : > On Sat, Aug 14, 2021 at 06:23:26PM +0200, Borislav Petkov wrote: >> On Fri, Jul 16, 2021 at 04:14:12PM +0800, Herbert Xu wrote: >> > Stephan Mueller <smueller@chronox.de> wrote: >> > > With the swtich to use HMAC(SHA-512) as the default DRBG type, the >> > > configuration must now also select SHA-512. >> > > >> > > Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG >> as default >> > > DRBG" >> > > Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> >> > > Signed-off-by: Stephan Mueller <smueller@chronox.com> >> > > --- >> > > crypto/Kconfig | 2 +- >> > > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > Patch applied. Thanks. >> >> Is that patch going to Linus anytime soon? >> >> I still see it on latest rc5+: > > I'll push it up this week. The fixes tag has a problem it seems. Should be corrected before pushing. Christophe > > Thanks, > -- > Email: Herbert Xu <herbert@gondor.apana.org.au> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/crypto/Kconfig b/crypto/Kconfig index ca3b02dcbbfa..64b772c5d1c9 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1768,7 +1768,7 @@ config CRYPTO_DRBG_HMAC bool default y select CRYPTO_HMAC - select CRYPTO_SHA256 + select CRYPTO_SHA512 config CRYPTO_DRBG_HASH bool "Enable Hash DRBG"
With the swtich to use HMAC(SHA-512) as the default DRBG type, the configuration must now also select SHA-512. Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG" Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> Signed-off-by: Stephan Mueller <smueller@chronox.com> --- crypto/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)