lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 26 Dec 2017 09:28:56 +0100
From:   Paul Menzel <pmenzel+linux-crypto@...gen.mpg.de>
To:     Stephan Müller <smueller@...onox.de>
Cc:     linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Decreasing time for `rsa_init`

Dear Stephan, dear Linux folks,


Am 13.07.2017 um 20:20 schrieb Paul Menzel:

> Am Mittwoch, den 12.07.2017, 19:38 +0200 schrieb Paul Menzel:
> 
>> On 07/12/17 19:28, Stephan Müller wrote:
>>> Am Mittwoch, 12. Juli 2017, 12:59:58 CEST schrieb Paul Menzel:
>>>> Building CRYPTO_RSA not as module, but into the Linux kernel,
>>>> `rsa_init()` takes 130 ms on an ASRock E350M1.
>>>>
>>>> (Timings are shown by adding `initcall_debug` to Linux command
>>>> line [1].
>>>> The times are visualized by `analyze_boot.py` from pm-graph [2]
>>>> or `systemd-bootchart`.)
>>>>
>>>> This is quite a lot of time compared to other modules, and I
>>>> wonder if
>>>> there are ways to decrease that time other than building it as a
>>>> module,
>>>> and not signing modules?
>>>
>>> Is the testmgr compiled? If yes, the self test may take that time.
>>
>> It looks like it is, as the tests are not disabled.
>>
>> ```
>> $ grep MANAGER_DISABLE_TESTS .config
>> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
>> ```
>>
>> I’ll try an image without the tests, and will report back.
> 
> Thank you. That was it. Disabling the tests reduces the time to 51 μs.
> 
> ```
> kernel: calling  rsa_init+0x0/0x40 @ 1
> kernel: initcall rsa_init+0x0/0x40 returned 0 after 51 usecs
> ```
> 
> It’d be nice to be able to disable the testmgr during run-time by
> adding an option to the Linux Kernel command line for example.

To follow up with this, thanks to commit 9e5c9fe4 (crypto: testmgr - Add 
a flag allowing the self-tests to be disabled at runtime.), present 
since Linux 4.7, this can be disabled at run-time by adding 
`cryptomgr.notests` to the Linux command line.

I just don’t know, how a user should find this parameter, that means, 
what module(?) this parameter belongs to, and is visible with `modinfo 
<module_name>`.

Additionally in `crypto/algboss.c`, that parameter doesn’t seem to apply.

```
    214	static int cryptomgr_test(void *data)
    215	{
    216		struct crypto_test_param *param = data;
    217		u32 type = param->type;
    218		int err = 0;
    219	
    220	#ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
    221		if (disable_tests)
    222			goto skiptest;
    223	#endif
    224	
    225		if (type & CRYPTO_ALG_TESTED)
    226			goto skiptest;
    227	
    228		err = alg_test(param->driver, param->alg, type, CRYPTO_ALG_TESTED);
    229	
    230	skiptest:
    231		crypto_alg_tested(param->driver, err);
    232	
    233		kfree(param);
    234		module_put_and_exit(0);
    235	}
```


Kind regards,

Paul


>>>> [1] http://elinux.org/Initcall_Debug
>>>> [2] https://github.com/01org/pm-graph

Powered by blists - more mailing lists