lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <968394.1589817650@warthog.procyon.org.uk>
Date:   Mon, 18 May 2020 17:00:50 +0100
From:   David Howells <dhowells@...hat.com>
To:     Stephen Rothwell <sfr@...b.auug.org.au>,
        Masahiro Yamada <masahiroy@...nel.org>
Cc:     dhowells@...hat.com, torvalds@...ux-foundation.org,
        linux-kbuild@...r.kernel.org,
        Linux Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        "Jason A. Donenfeld" <Jason@...c4.com>
Subject: How should we handle a bool depending on a tristate?

Stephen Rothwell <sfr@...b.auug.org.au> wrote:

> After merging the keys tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
> 
> x86_64-linux-gnu-ld: security/keys/big_key.o: in function `big_key_read':
> big_key.c:(.text+0x562): undefined reference to `chacha20poly1305_decrypt'
> x86_64-linux-gnu-ld: security/keys/big_key.o: in function `big_key_preparse':
> big_key.c:(.text+0x825): undefined reference to `chacha20poly1305_encrypt'
> 
> Caused by commit
> 
>   e0a715753a88 ("security/keys: rewrite big_key crypto to use library interface")
> 
> I have used the version from next-20200512 again tdoay.

Blech.  Yeah.  "depends on" doesn't work either.  The problem actually lies
within the Kconfig framework.  It doesn't know how to handle a bool depending
on a tristate.

So the issue is that with Jason's patch, we now have:

	config BIG_KEYS
		bool "Large payload keys"
		depends on KEYS
		depends on TMPFS
		depends on CRYPTO_LIB_CHACHA20POLY1305

	...

	config CRYPTO_LIB_CHACHA20POLY1305
		tristate "ChaCha20-Poly1305 AEAD support (8-byte nonce library version)"
		depends on CRYPTO_ARCH_HAVE_LIB_CHACHA || !CRYPTO_ARCH_HAVE_LIB_CHACHA
		depends on CRYPTO_ARCH_HAVE_LIB_POLY1305 || !CRYPTO_ARCH_HAVE_LIB_POLY1305
		select CRYPTO_LIB_CHACHA
		select CRYPTO_LIB_POLY1305

But you're allowed to set CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m.

Using "select" instead can lead to warnings about circular dependencies and,
in any case, doesn't propagate the selection up the tree.

Also, in this case, having BIG_KEYS select everything isn't practical as
CRYPTO_LIB_CHACHA20POLY1305 has a logical-XOR in its depends on.

I think one or more of the following things need to happen:

 (1) The configurator needs to give an error if it detects this.

 (2) The configurator needs to propagate select rootwards.

 (3) The configurator needs to propagate "=y" rootwards over depends on,
     prohibiting "=m".

 (4) The BIG_KEYS config needs to switch to a tristate.[*]

Do we have a preference?

David

[*] Note there have been situations where switching to a tristate isn't
    technically an option because the dependency target was required during
    boot (crypto used by module checking, for example), but we've just had to
    work around it and hope whoever was configuring the kernel built
    everything in.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ