| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250226060725.GA41090@sol.localdomain>
Date: Tue, 25 Feb 2025 22:07:25 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Arnd Bergmann <arnd@...nel.org>, Arnd Bergmann <arnd@...db.de>,
Will Deacon <will@...nel.org>,
"David S . Miller" <davem@...emloft.net>,
Catalin Marinas <catalin.marinas@....com>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Harald Freudenberger <freude@...ux.ibm.com>,
Holger Dengler <dengler@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Sven Schnelle <svens@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Ard Biesheuvel <ardb@...nel.org>,
"James E . J . Bottomley" <James.Bottomley@...senpartnership.com>,
Jarkko Sakkinen <jarkko@...nel.org>, linux-crypto@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-mips@...r.kernel.org, linux-s390@...r.kernel.org
Subject: Re: [PATCH] crypto: lib/Kconfig - Select and hide arch options
On Wed, Feb 26, 2025 at 12:36:33PM +0800, Herbert Xu wrote:
> The ARCH_MAY_HAVE patch missed arm64, mips and s390. But it may
> also lead to arch options being enabled but ineffective because
> of modular/built-in conflicts.
>
> As the primary user of all these options wireguard is selecting
> the arch options anyway, make the same selections at the lib/crypto
> option level and hide the arch options from the user.
>
> Fixes: 1047e21aecdf ("crypto: lib/Kconfig - Fix lib built-in failure when arch is modular")
> Reported-by: kernel test robot <lkp@...el.com>
> Reported-by: Arnd Bergmann <arnd@...nel.org>
> Closes: https://lore.kernel.org/oe-kbuild-all/202502232152.JC84YDLp-lkp@intel.com/
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
As I said earlier, fixing the arch-optimized code to be enabled automatically is
the right way to do it. There are still some issues with this patch, though:
> config CRYPTO_LIB_CHACHA
> tristate "ChaCha library interface"
> + select CRYPTO
> select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n
> + select CRYPTO_CHACHA20_X86_64 if X86 && 64BIT
> + select CRYPTO_CHACHA20_NEON if ARM || (ARM64 && KERNEL_MODE_NEON)
> + select CRYPTO_CHACHA_MIPS if CPU_MIPS32_R2
> + select CRYPTO_CHACHA_S390 if S390
> + select CRYPTO_CHACHA20_P10 if PPC64 && CPU_LITTLE_ENDIAN && VSX
There's no need to have a select for every architecture, with the dependencies
redundantly listed. Instead just 'default' each of the arch-optimized options
to CRYPTO_LIB_CHACHA.
> config CRYPTO_CHACHA20_X86_64
> tristate
> depends on X86 && 64BIT
> default CRYPTO_CHACHA20
> select CRYPTO_ARCH_HAVE_LIB_CHACHA
[...]
>
> config CRYPTO_CHACHA20
> tristate "ChaCha"
> select CRYPTO_LIB_CHACHA_GENERIC
> select CRYPTO_SKCIPHER
This introduces a problem where to enable optimized ChaCha in the crypto API
users will now need to enable CRYPTO_LIB_CHACHA, instead of
CRYPTO_CHACHA20_X86_64 etc. as was needed before. LIB symbols should never be
user-selectable, so that makes no sense.
The way it should work is that CRYPTO_CHACHA20 should just select
CRYPTO_LIB_CHACHA (and thus also the optimized code).
And similarly for the other algorithms, which should be in their patches.
- Eric
Powered by blists - more mailing lists