| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <13304.1568825025@warthog.procyon.org.uk>
Date: Wed, 18 Sep 2019 17:43:45 +0100
From: David Howells <dhowells@...hat.com>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: dhowells@...hat.com,
John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
Michael Schmitz <schmitzmic@...il.com>,
linux-m68k <linux-m68k@...ts.linux-m68k.org>,
Mat Martineau <mathew.j.martineau@...ux.intel.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org,
linux-security-module@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga)
Geert Uytterhoeven <geert@...ux-m68k.org> wrote:
> > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
> > > minutes on old and slow machines.
> >
> > Why is it doing that? It doesn't do anything unless it is called, so
> > something must be calling it.
>
> I don't know. Enabling initcall_debug shows that dh_init() takes a very long
> time.
Ah... The bit that handles keyctl_dh_compute() doesn't do anything unless
asked, but the bit in the crypto layer that does dh does (ie. dh_init()). I
guess it's doing some sort of self-test, but I can't see how it effects that.
I think you need to consult the author/maintainer of crypto/dh.c.
It might be possible to make CONFIG_KEY_DH_OPERATIONS not depend on
CONFIG_CRYPTO_DH and have crypto_alloc_kpp() load the *crypto* part on
demand. Failing that, I can look into demand-loading keyctl operations.
David
Powered by blists - more mailing lists