lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 18 Sep 2019 16:27:02 +0200
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>
Cc:     Michael Schmitz <schmitzmic@...il.com>,
        linux-m68k <linux-m68k@...ts.linux-m68k.org>,
        Mat Martineau <mathew.j.martineau@...ux.intel.com>,
        David Howells <dhowells@...hat.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>, keyrings@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck
 during boot on Amiga)

CC crypto keys people

TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
minutes on old and slow machines. Can KEY_DH_OPERATIONS be made tristate?

On Wed, Sep 18, 2019 at 4:08 PM Geert Uytterhoeven <geert@...ux-m68k.org> wrote:
> On Wed, Sep 18, 2019 at 3:57 PM John Paul Adrian Glaubitz
> <glaubitz@...sik.fu-berlin.de> wrote:
> > On 9/18/19 3:48 PM, Geert Uytterhoeven wrote:
> > >> Diffie-Hellman doing some heavy crypto lifting on a poor m68k CPU?
> > >>
> > >> Disable CONFIG_CRYPTO_DH?
> > >
> > > See also https://lists.debian.org/debian-68k/2019/04/msg00033.html
> > >
> > > CRYPTO_DH is selected by CRYPTO_DEV_QAT and KEY_DH_OPERATIONS.
> > > The latter is bool, forcing CRYPTO_DH builtin.
> > >
> > > If KEY_DH_OPERATIONS needs to be enabled in a Debian kernel, perhaps
> > > it can be made tristate?
> > It was enabled in [1] as it's required for certain WiFi drivers [2].
> >
> > So, should it be fixed as you suggest or should we selectively disable it on m68k?
>
> Disabling it on m68k could be a first step (any WiFi drivers supported
> on m68k yet?).
>
> Making it tristate is non-trivial, as there are some interdependencies:
>
>     security/keys/Makefile:compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o
>     security/keys/Makefile:obj-$(CONFIG_KEY_DH_OPERATIONS) += dh.o
>     security/keys/internal.h:#ifdef CONFIG_KEY_DH_OPERATIONS
>     security/keys/keyctl.c:
> (IS_ENABLED(CONFIG_KEY_DH_OPERATIONS)    ? KEYCTL_CAPS0_DIFFIE_HELLMAN
> : 0) |
>
> > > [1] https://salsa.debian.org/kernel-team/linux/commit/88f44cb9eb34098138c79bdab5fae434492866d1
> > > [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911998

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ