While booting 5.13.0-next20210629 on a Power server, following
warning is seen:
[ 0.076955] DRBG: could not allocate digest TFM handle: hmac(sha512)
[ 0.076960] alg: drbg: Failed to reset rng
[ 0.076963] alg: drbg: Test 0 failed for drbg_nopr_hmac_sha512
[ 0.076967] ------------[ cut here ]------------
[ 0.076970] alg: self-tests for drbg_nopr_hmac_sha512 (stdrng) failed (rc=-22)
[ 0.076977] WARNING: CPU: 10 PID: 153 at crypto/testmgr.c:5653 alg_test+0x484/0x860
[ 0.076989] Modules linked in:
[ 0.076993] CPU: 10 PID: 153 Comm: cryptomgr_test Not tainted 5.13.0-next-20210629 #1
[ 0.076998] NIP: c00000000063ea44 LR: c00000000063ea40 CTR: c000000000730b40
[ 0.077003] REGS: c00000000e7ff960 TRAP: 0700 Not tainted (5.13.0-next-20210629)
[ 0.077007] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 28008222 XER: 20040005
[ 0.077018] CFAR: c000000000150a00 IRQMASK: 0
[ 0.077018] GPR00: c00000000063ea40 c00000000e7ffc00 c0000000029bc300 0000000000000042
[ 0.077018] GPR04: 00000000ffff7fff c00000000e7ff8c0 c00000000e7ff8b8 0000000000000000
[ 0.077018] GPR08: 00000009f98e0000 c0000000024f66f0 c0000000024f66f0 c000000002876838
[ 0.077018] GPR12: 0000000000008000 c00000001ec7a280 c00000000018ce88 c000000003b300c0
[ 0.077018] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 0.077018] GPR20: 0000000000000000 0000000000000000 c000000002a9ab20 c000000000fb5278
[ 0.077018] GPR24: c000000010a85200 c000000000d61fa8 c000000010a85280 0000000000000400
[ 0.077018] GPR28: c000000010a85200 000000000000000c c000000002ccf230 ffffffffffffffea
[ 0.077072] NIP [c00000000063ea44] alg_test+0x484/0x860
[ 0.077077] LR [c00000000063ea40] alg_test+0x480/0x860
[ 0.077082] Call Trace:
[ 0.077085] [c00000000e7ffc00] [c00000000063ea40] alg_test+0x480/0x860 (unreliable)
[ 0.077091] [c00000000e7ffd70] [c00000000063ca60] cryptomgr_test+0x40/0x70
[ 0.077097] [c00000000e7ffda0] [c00000000018d014] kthread+0x194/0x1a0
[ 0.077103] [c00000000e7ffe10] [c00000000000c750] ret_from_kernel_thread+0x5c/0x6c
[ 0.077110] Instruction dump:
[ 0.077113] 409e0298 3d220031 89292f56 2f890000 409e0288 3c62fe63 7f45d378 7f84e378
[ 0.077121] 7fe6fb78 38633260 4bb11f5d 60000000 <0fe00000> e8010180 eb210138 7c0803a6
[ 0.077131] ---[ end trace a1cc3999f90f0962 ]---
[ 0.077585] iommu: Default domain type: Translated
This new self test was introduced with
commit 8833272d876e
crypto: drbg - self test for HMAC(SHA-512)
Thanks
-Sachin
With the swtich to use HMAC(SHA-512) as the default DRBG type, the
configuration must now also select SHA-512.
Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default
DRBG"
Reported-by: Sachin Sant <[email protected]>
Signed-off-by: Stephan Mueller <[email protected]>
---
crypto/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index ca3b02dcbbfa..64b772c5d1c9 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1768,7 +1768,7 @@ config CRYPTO_DRBG_HMAC
bool
default y
select CRYPTO_HMAC
- select CRYPTO_SHA256
+ select CRYPTO_SHA512
config CRYPTO_DRBG_HASH
bool "Enable Hash DRBG"
--
2.31.1
> On 30-Jun-2021, at 4:02 PM, Stephan Mueller <[email protected]> wrote:
>
> With the swtich to use HMAC(SHA-512) as the default DRBG type, the
> configuration must now also select SHA-512.
>
> Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default
> DRBG"
> Reported-by: Sachin Sant <[email protected]>
> Signed-off-by: Stephan Mueller <[email protected]>
> ---
Thanks Stephan. This patch fixes the reported problem.
Tested-by: Sachin Sant <[email protected]>
-Sachin
Stephan Mueller <[email protected]> wrote:
> With the swtich to use HMAC(SHA-512) as the default DRBG type, the
> configuration must now also select SHA-512.
>
> Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default
> DRBG"
> Reported-by: Sachin Sant <[email protected]>
> Signed-off-by: Stephan Mueller <[email protected]>
> ---
> crypto/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Patch applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Sat, Aug 14, 2021 at 06:23:26PM +0200, Borislav Petkov wrote:
> On Fri, Jul 16, 2021 at 04:14:12PM +0800, Herbert Xu wrote:
> > Stephan Mueller <[email protected]> wrote:
> > > With the swtich to use HMAC(SHA-512) as the default DRBG type, the
> > > configuration must now also select SHA-512.
> > >
> > > Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG as default
> > > DRBG"
> > > Reported-by: Sachin Sant <[email protected]>
> > > Signed-off-by: Stephan Mueller <[email protected]>
> > > ---
> > > crypto/Kconfig | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > Patch applied. Thanks.
>
> Is that patch going to Linus anytime soon?
>
> I still see it on latest rc5+:
I'll push it up this week.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu <[email protected]> a écrit :
> On Sat, Aug 14, 2021 at 06:23:26PM +0200, Borislav Petkov wrote:
>> On Fri, Jul 16, 2021 at 04:14:12PM +0800, Herbert Xu wrote:
>> > Stephan Mueller <[email protected]> wrote:
>> > > With the swtich to use HMAC(SHA-512) as the default DRBG type, the
>> > > configuration must now also select SHA-512.
>> > >
>> > > Fixes: 9b7b94683a9b "crypto: DRBG - switch to HMAC SHA512 DRBG
>> as default
>> > > DRBG"
>> > > Reported-by: Sachin Sant <[email protected]>
>> > > Signed-off-by: Stephan Mueller <[email protected]>
>> > > ---
>> > > crypto/Kconfig | 2 +-
>> > > 1 file changed, 1 insertion(+), 1 deletion(-)
>> >
>> > Patch applied. Thanks.
>>
>> Is that patch going to Linus anytime soon?
>>
>> I still see it on latest rc5+:
>
> I'll push it up this week.
The fixes tag has a problem it seems. Should be corrected before pushing.
Christophe
>
> Thanks,
> --
> Email: Herbert Xu <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Mon, Aug 16, 2021 at 04:45:14AM +0200, Christophe Leroy wrote:
>
> The fixes tag has a problem it seems. Should be corrected before pushing.
It's too late for that. This commit is at the base of many other
subsequent changes.
Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt