| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMuHMdWWMABFmejXPEuKyvDC7CgUZSeWU6cR8qpBdVa9KiBdUQ@mail.gmail.com>
Date: Fri, 10 Nov 2023 10:04:38 +0100
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
"David S. Miller" <davem@...emloft.net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Steffen Klassert <steffen.klassert@...unet.com>,
Stephan Müller <smueller@...onox.de>,
Masahiro Yamada <masahiroy@...nel.org>,
linux-kbuild <linux-kbuild@...r.kernel.org>
Subject: Re: [PATCH] crypto: jitterentropy - Hide esoteric Kconfig options
under FIPS and EXPERT
Hi Herbert, Yamada-san,
On Mon, Nov 6, 2023 at 11:00 AM Herbert Xu <herbert@...dor.apana.org.au> wrote:
> On Thu, Nov 02, 2023 at 08:32:36PM -1000, Linus Torvalds wrote:
> > I think that would help the situation, but I assume the sizing for the
> > jitter buffer is at least partly due to trying to account for cache
> > sizing or similar issues?
> >
> > Which really means that I assume any static compile-time answer to
> > that question is always wrong - whether you are an expert or not.
> > Unless you are just building the thing for one particular machine.
> >
> > So I do think the problem is deeper than "this is a question only for
> > experts". I definitely don't think you should ask a regular user (or
> > even a distro kernel package manager). I suspect it's likely that the
> > question is just wrong in general - because any particular one buffer
> > size for any number of machines simply cannot be the right answer.
> >
> > I realize that the commit says "*allow* for configuration of memory
> > size", but I really question the whole approach.
>
> Yes I think these are all valid points. I just noticed that I
> forgot to cc the author so let's see if Stephan has anything to
> add.
>
> > But yes - hiding these questions from any reasonable normal user is at
> > least a good first step.
>
> OK here's the patch:
>
> ---8<---
> As JITTERENTROPY is selected by default if you enable the CRYPTO
> API, any Kconfig options added there will show up for every single
> user. Hide the esoteric options under EXPERT as well as FIPS so
> that only distro makers will see them.
>
> Reported-by: Linus Torvalds <torvalds@...ux-foundation.org>
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
Thanks for your patch, which is now commit e7ed6473c2c8c4e4 ("crypto:
jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT").
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -1297,10 +1297,12 @@ config CRYPTO_JITTERENTROPY
>
> See https://www.chronox.de/jent.html
>
> +if CRYPTO_JITTERENTROPY
> +if CRYPTO_FIPS && EXPERT
> +
> choice
> prompt "CPU Jitter RNG Memory Size"
> default CRYPTO_JITTERENTROPY_MEMSIZE_2
> - depends on CRYPTO_JITTERENTROPY
> help
> The Jitter RNG measures the execution time of memory accesses.
> Multiple consecutive memory accesses are performed. If the memory
> @@ -1344,7 +1346,6 @@ config CRYPTO_JITTERENTROPY_OSR
> int "CPU Jitter RNG Oversampling Rate"
> range 1 15
> default 1
> - depends on CRYPTO_JITTERENTROPY
> help
> The Jitter RNG allows the specification of an oversampling rate (OSR).
> The Jitter RNG operation requires a fixed amount of timing
> @@ -1359,7 +1360,6 @@ config CRYPTO_JITTERENTROPY_OSR
>
> config CRYPTO_JITTERENTROPY_TESTINTERFACE
> bool "CPU Jitter RNG Test Interface"
> - depends on CRYPTO_JITTERENTROPY
> help
> The test interface allows a privileged process to capture
> the raw unconditioned high resolution time stamp noise that
> @@ -1377,6 +1377,28 @@ config CRYPTO_JITTERENTROPY_TESTINTERFACE
>
> If unsure, select N.
>
> +endif # if CRYPTO_FIPS && EXPERT
> +
> +if !(CRYPTO_FIPS && EXPERT)
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
> + int
> + default 64
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
> + int
> + default 32
> +
> +config CRYPTO_JITTERENTROPY_OSR
> + int
> + default 1
> +
> +config CRYPTO_JITTERENTROPY_TESTINTERFACE
> + bool
This duplicates the symbols in the CRYPTO_FIPS && EXPERT section above,
which is fragile.
For the int and bool symbols, this can be handled without duplication
using:
config CRYPTO_JITTERENTROPY_OSR
- int "CPU Jitter RNG Oversampling Rate"
+ int "CPU Jitter RNG Oversampling Rate" if CRYPTO_FIPS && EXPERT
config CRYPTO_JITTERENTROPY_TESTINTERFACE
- bool "CPU Jitter RNG Test Interface"
+ bool "CPU Jitter RNG Test Interface" if CRYPTO_FIPS && EXPERT
Unfortunately the following does not work for the choice statement,
although kconfig does not report an error:
choice
- prompt "CPU Jitter RNG Memory Size"
+ prompt "CPU Jitter RNG Memory Size" if CRYPTO_FIPS && EXPERT
default CRYPTO_JITTERENTROPY_MEMSIZE_2
Unlike for other symbol types, which just become silent if
!(CRYPTO_FIPS && EXPERT), the choice is skipped completely if
!(CRYPTO_FIPS && EXPERT), and CRYPTO_JITTERENTROPY_MEMSIZE_2 is not set.
Yamada-san: Do you know why choice behaves differently?
Is this easy to fix?
Thanks!
> +
> +endif # if !(CRYPTO_FIPS && EXPERT)
> +endif # if CRYPTO_JITTERENTROPY
> +
> config CRYPTO_KDF800108_CTR
> tristate
> select CRYPTO_HMAC
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Powered by blists - more mailing lists