Bug 470929 - rng header needs to be in kernel-devel
Summary: rng header needs to be in kernel-devel
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Neil Horman
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: FIPS-140-Tracker
TreeView+ depends on / blocked
 
Reported: 2008-11-10 21:55 UTC by Jarod Wilson
Modified: 2009-09-02 08:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 08:51:26 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
patch to add rng.h to kernel-devel (620 bytes, patch)
2008-11-11 18:46 UTC, Neil Horman
no flags Details | Diff
new attempt at including rng header (896 bytes, patch)
2009-02-26 19:47 UTC, Neil Horman
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1243 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update 2009-09-01 08:53:34 UTC

Description Jarod Wilson 2008-11-10 21:55:36 UTC
Description of problem:
The rng header, include/crypto/rng.h, needs to be part of the kernel-devel package like the other crypto bits, so that the rng interfaces can be utilized by out-of-tree stuff (notably, the fips cavs rng crypto test).

Version-Release number of selected component (if applicable):
kernel-2.6.18-122.el5

Comment 1 Neil Horman 2008-11-11 14:10:02 UTC
Jarod, I just  checked kernel-devel-2.6.18-122.el5.x86_64, and what you need appears to be already there:
=========================================================================
[nhorman@hmsendeavour x86_64]$ rpm -qlip kernel-devel-2.6.18-122.el5.x86_64.rpm | grep rng
/usr/src/kernels/2.6.18-122.el5-x86_64/include/config/crypto/ansi/cprng.h
/usr/src/kernels/2.6.18-122.el5-x86_64/include/config/crypto/rng.h
[nhorman@hmsendeavour x86_64]$ 
==========================================================================

Can you double check to make sure we're both seeing the same thing?  Thanks!

Comment 2 Jarod Wilson 2008-11-11 14:46:22 UTC
I do have the include/config/crypto/rng.h file as well, but that's not the actual header file -- try cat'ing it. :)

I'm not sure *what* all the stuff under include/config/ is for, but upon spot-checking, everything in there is empty...

Comment 3 Neil Horman 2008-11-11 15:43:07 UTC
ugh, you're right.  Although looking at it, it doesn't look like any of the api types are properly exported via kernel-devel.  how are you getting at the rest of the apis?

Comment 4 Jarod Wilson 2008-11-11 16:04:04 UTC
Thus far, everything else I've needed has been in:

/* crypto headers */
#include <linux/crypto.h>
#include <linux/ncrypto.h>
#include <linux/crypto/mpi.h>

Comment 5 Neil Horman 2008-11-11 18:46:48 UTC
Created attachment 323212 [details]
patch to add rng.h to kernel-devel

Yeah, do me a favor, build/test a kernel set with this patch please.  I'll probably still have to fix up rng.h with an ifdef __KERNEL__ and mark it as unifdef, but this should get it in the kernel-devel package I think.  Thanks!

Comment 6 Jarod Wilson 2008-11-12 22:59:43 UTC
Crud, I just lost the scrollback, but the build errored out, something about not finding rng.h somewhere or something like that... :\

Comment 7 Neil Horman 2008-11-13 14:14:57 UTC
let me know what the error is and I'll fix it up as needed

Comment 8 Jarod Wilson 2008-11-13 21:33:43 UTC
Here's what I get:

[...]
+ scripts/hdrcheck.sh /var/tmp/kernel-2.6.18-123.el5.fips4-root/usr/include /var/tmp/kernel-2.6.18-123.el5.fips4-root/usr/include/asm-i386/ldt.h
+ echo -e '*****\n*****'
+ grep -q exist hdrwarnings.txt
+ sed 's:^/var/tmp/kernel-2.6.18-123.el5.fips4-root/usr/include/::' hdrwarnings.txt
*****
*****
HEADER EXPORT WARNINGS:
*****
crypto/rng.h requires linux/crypto.h, which does not exist in exported headers
*****
*****
+ exit 1
RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.30527 (%install)
    Bad exit status from /var/tmp/rpm-tmp.30527 (%install)

Comment 9 Neil Horman 2008-11-14 01:54:30 UTC
Shoot, I'm sorry Jarod, I typoed in my patch, the crypto/Kbuild file in the patch needs to be changed so that instead of reading:
header-y += rng.h
should be changed so that it reads:
unifdef-y += rnh.h


If you change that, it should work.  Thanks

Comment 10 Jarod Wilson 2008-11-14 14:42:40 UTC
Build went fine w/that change, but the header file still didn't make it into kernel-devel. :(

Comment 11 Neil Horman 2008-11-24 20:13:56 UTC
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1586157

There you go jarod.  That appears to have everything you need.  Please confirm and I'll put this upstream and in RHEL5

Comment 12 Jarod Wilson 2008-12-02 20:11:30 UTC
Hrm. Looks like the i686 brew build went fine, but the x86_64 one blew up. I suspect this is because on x86, kernel-headers isn't built in the i686 build pass, its built in the i386 pass, whereas x86_64 includes both the kernel and kernel-headers.

[...]
+ grep -q exist hdrwarnings.txt
+ sed 's:^/var/tmp/kernel-2.6.18-124.el5dz_test-root/usr/include/::' hdrwarnings.txt
*****
*****
HEADER EXPORT WARNINGS:
*****
crypto/nscatterwalk.h requires linux/hardirq.h, which does not exist in exported headers
crypto/algapi.h requires linux/list.h, which does not exist in exported headers
crypto/aead.h requires linux/slab.h, which does not exist in exported headers
crypto/skcipher.h requires linux/slab.h, which does not exist in exported headers
linux/ncrypto.h requires asm/atomic.h, which does not exist in exported headers
linux/crypto.h requires linux/module.h, which does not exist in exported headers
*****
*****
+ exit 1
error: Bad exit status from /var/tmp/rpm-tmp.41698 (%install)

Comment 13 Neil Horman 2008-12-03 15:01:18 UTC
https://brewweb.devel.redhat.com/taskinfo?taskID=1596826
New build brewing.  I've included the missing headers, although I'm becomming less confident that this is as easy to do as it initially looked.  We want these headers in kernel-devel but not kernel-headers (which is used by userspace), so I think we'll still have some cleanup to do here (masking unneeded data in the exported headers with ifdef __KERNEL__ and such.  But this should be enough to validate what you need to do.

Comment 14 Neil Horman 2008-12-03 19:20:49 UTC
ugh, stpuid includes.  Let me figure this out and I'll get back to you

Comment 15 Neil Horman 2008-12-05 01:44:30 UTC
https://brewweb.devel.redhat.com/taskinfo?taskID=1597546

Ok, the kernel-headers packages in that build should have what you need, although I think they probably belong in the kernel-devel package, and I'm not sure why there showing up there.  Let me know if all the headers you need are in kernel-headers, and I'll figure out how to move them over to kernel-devel.

Comment 16 RHEL Program Management 2009-02-16 15:38:58 UTC
Updating PM score.

Comment 17 Neil Horman 2009-02-20 19:40:02 UTC
jarod, did this work for you?

Comment 18 Jarod Wilson 2009-02-26 16:03:27 UTC
Crud. I don't suppose you have a saved copy of that build somewhere? Can't seem to pull that out of brew any more, the scratch build reaper must have nuked it... So if you have either a local copy I could bum, or a patch I can just apply to a build, I can try it out that way... :\

Comment 19 Neil Horman 2009-02-26 19:28:09 UTC
crud, I don't and I re-installed my system over christmas.  Back to the drawing board I guess.  I'll let you know when I have something

Comment 20 Neil Horman 2009-02-26 19:47:48 UTC
Created attachment 333374 [details]
new attempt at including rng header

Heres another attempt at this, It seems from looking at the spec file that I just need to include the crypto libs in the copy operation when building the devel package.  Although I'm not sure how some of the headers are getting in there now.

Comment 21 Neil Horman 2009-02-26 19:53:46 UTC
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1707524


New brew build here if you want to test it when you get a chance.  Thanks!

Comment 22 Jarod Wilson 2009-03-05 16:22:38 UTC
Yep, this works for me. Puts it in a slightly different place than I was expecting, but that's no problem (was looking for include/crypto/rng.h, which is where the mpi and ksign headers are, but switching to crypto/rng.h worksforme).

Comment 23 Don Zickus 2009-03-16 15:21:49 UTC
in kernel-2.6.18-135.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 27 errata-xmlrpc 2009-09-02 08:51:26 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1243.html


Note You need to log in before you can comment on or make changes to this bug.