| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <9f4e5f41-e553-4f2a-88fe-478f074b62cb@app.fastmail.com>
Date: Thu, 27 Feb 2025 12:56:30 +0100
From: "Arnd Bergmann" <arnd@...db.de>
To: "Herbert Xu" <herbert@...dor.apana.org.au>
Cc: "Arnd Bergmann" <arnd@...nel.org>, "Will Deacon" <will@...nel.org>,
"David S . Miller" <davem@...emloft.net>,
"Catalin Marinas" <catalin.marinas@....com>,
"Thomas Bogendoerfer" <tsbogend@...ha.franken.de>,
"Harald Freudenberger" <freude@...ux.ibm.com>,
"Holger Dengler" <dengler@...ux.ibm.com>,
"Heiko Carstens" <hca@...ux.ibm.com>, "Vasily Gorbik" <gor@...ux.ibm.com>,
"Alexander Gordeev" <agordeev@...ux.ibm.com>,
"Christian Borntraeger" <borntraeger@...ux.ibm.com>,
"Sven Schnelle" <svens@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
"Ard Biesheuvel" <ardb@...nel.org>, "Eric Biggers" <ebiggers@...gle.com>,
"James E . J . Bottomley" <James.Bottomley@...senpartnership.com>,
"Jarkko Sakkinen" <jarkko@...nel.org>, linux-crypto@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-mips@...r.kernel.org, linux-s390@...r.kernel.org
Subject: Re: [v3 PATCH] crypto: lib/Kconfig - Hide arch options from user
On Thu, Feb 27, 2025, at 09:43, Herbert Xu wrote:
> On Thu, Feb 27, 2025 at 09:32:51AM +0100, Arnd Bergmann wrote:
>> It appears that the two above are missing a
>> 'depends on KERNEL_MODE_NEON' line. There is still
>> a runtime check that prevents it from being used on
>> non-neon machines, but I think you should add these
>> lines here since it's no longer possible to turn
>> them off individually when building a kernel for a
>> non-NEON target.
>
> Good catch. But I think this was deliberate as it also includes
> a non-NEON implementation:
>
> commit b36d8c09e710c71f6a9690b6586fea2d1c9e1e27
> Author: Ard Biesheuvel <ardb@...nel.org>
> Date: Fri Nov 8 13:22:14 2019 +0100
>
> crypto: arm/chacha - remove dependency on generic ChaCha driver
Ah, I see. That's fine then.
> Instead of falling back to the generic ChaCha skcipher driver for
> non-SIMD cases, use a fast scalar implementation for ARM authored
> by Eric Biggers. This removes the module dependency on chacha-generic
> altogether, which also simplifies things when we expose the ChaCha
> library interface from this module.
>
> Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
>
>> I'm not sure why we need the extra "_INTERNAL" symbols, but I
>> may be missing something here. What problem does this solve
>> for you?
>
> Without them Kconfig will bomb out because of a loop centering
> on CONFIG_CRYPTO.
I've tried to undo that portion here and don't run into a
dependency loop so far with the patch below on top of yours
(around 100 randconfigs in). I'll keep testing and will let
you know when something goes wrong.
One issue I've already found in your version is that removing
the 'select CRYPTO_LIB_CHACHA_GENERIC' is broken in the majority
of the cases where an architecture specific implementation
is enabled, because the architecture code typically contains
a fallback to the generic version for the case where the
custom CPU instructions are not present.
I've added the 'select' lines to the architecture versions
here, but since it's almost always needed, we could decide
to just leave the generic version built-in anyway to
make it less error-prone at the cost of kernel bloat
in the few cases where it's not used.
An unrelated issue I noticed is that CRYPTO_LIB_CHACHA20POLY1305
depends on CRYPTO in order to pull in CRYPTO_ALGAPI, this
looks like a mistake and could be resolved by moving
crypto/scatterwalk.c into lib/crypto/ with its own symbol.
That should be a separate patch of course.
Arnd
diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
index 0c19317a9ce0..f2e3b62c1379 100644
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -7,7 +7,8 @@ config CRYPTO_CURVE25519_NEON
depends on KERNEL_MODE_NEON
select CRYPTO_KPP
select CRYPTO_ARCH_HAVE_LIB_CURVE25519
- default CRYPTO_LIB_CURVE25519_INTERNAL
+ select CRYPTO_LIB_CURVE25519_GENERIC
+ default CRYPTO_LIB_CURVE25519
help
Curve25519 algorithm
@@ -49,7 +50,8 @@ config CRYPTO_POLY1305_ARM
tristate
select CRYPTO_HASH
select CRYPTO_ARCH_HAVE_LIB_POLY1305
- default CRYPTO_LIB_POLY1305_INTERNAL
+ select CRYPTO_LIB_POLY1305_GENERIC
+ default CRYPTO_LIB_POLY1305
help
Poly1305 authenticator algorithm (RFC7539)
@@ -217,7 +219,8 @@ config CRYPTO_CHACHA20_NEON
tristate
select CRYPTO_SKCIPHER
select CRYPTO_ARCH_HAVE_LIB_CHACHA
- default CRYPTO_LIB_CHACHA_INTERNAL
+ select CRYPTO_LIB_CHACHA_GENERIC
+ default CRYPTO_LIB_CHACHA
help
Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
stream cipher algorithms
diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig
index 1b14551cc301..17f447240f9a 100644
--- a/arch/arm64/crypto/Kconfig
+++ b/arch/arm64/crypto/Kconfig
@@ -30,7 +30,7 @@ config CRYPTO_POLY1305_NEON
depends on KERNEL_MODE_NEON
select CRYPTO_HASH
select CRYPTO_ARCH_HAVE_LIB_POLY1305
- default CRYPTO_LIB_POLY1305_INTERNAL
+ default CRYPTO_LIB_POLY1305
help
Poly1305 authenticator algorithm (RFC7539)
@@ -191,7 +191,8 @@ config CRYPTO_CHACHA20_NEON
depends on KERNEL_MODE_NEON
select CRYPTO_SKCIPHER
select CRYPTO_ARCH_HAVE_LIB_CHACHA
- default CRYPTO_LIB_CHACHA_INTERNAL
+ select CRYPTO_LIB_CHACHA_GENERIC
+ default CRYPTO_LIB_CHACHA
help
Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
stream cipher algorithms
diff --git a/arch/mips/crypto/Kconfig b/arch/mips/crypto/Kconfig
index 545fc0e12422..e0d8ee2677df 100644
--- a/arch/mips/crypto/Kconfig
+++ b/arch/mips/crypto/Kconfig
@@ -7,7 +7,7 @@ config CRYPTO_POLY1305_MIPS
depends on MIPS
select CRYPTO_HASH
select CRYPTO_ARCH_HAVE_LIB_POLY1305
- default CRYPTO_LIB_POLY1305_INTERNAL
+ default CRYPTO_LIB_POLY1305
help
Poly1305 authenticator algorithm (RFC7539)
@@ -58,7 +58,7 @@ config CRYPTO_CHACHA_MIPS
depends on CPU_MIPS32_R2
select CRYPTO_SKCIPHER
select CRYPTO_ARCH_HAVE_LIB_CHACHA
- default CRYPTO_LIB_CHACHA_INTERNAL
+ default CRYPTO_LIB_CHACHA
help
Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
stream cipher algorithms
diff --git a/arch/powerpc/crypto/Kconfig b/arch/powerpc/crypto/Kconfig
index 5beed03869c9..49f929f49e45 100644
--- a/arch/powerpc/crypto/Kconfig
+++ b/arch/powerpc/crypto/Kconfig
@@ -7,7 +7,8 @@ config CRYPTO_CURVE25519_PPC64
depends on PPC64 && CPU_LITTLE_ENDIAN
select CRYPTO_KPP
select CRYPTO_ARCH_HAVE_LIB_CURVE25519
- default CRYPTO_LIB_CURVE25519_INTERNAL
+ select CRYPTO_LIB_CURVE25519_GENERIC
+ default CRYPTO_LIB_CURVE25519
help
Curve25519 algorithm
@@ -96,7 +97,8 @@ config CRYPTO_CHACHA20_P10
depends on PPC64 && CPU_LITTLE_ENDIAN && VSX
select CRYPTO_SKCIPHER
select CRYPTO_ARCH_HAVE_LIB_CHACHA
- default CRYPTO_LIB_CHACHA_INTERNAL
+ select CRYPTO_LIB_CHACHA_GENERIC
+ default CRYPTO_LIB_CHACHA
help
Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
stream cipher algorithms
diff --git a/arch/s390/crypto/Kconfig b/arch/s390/crypto/Kconfig
index f6f82dab3594..13245d569d4d 100644
--- a/arch/s390/crypto/Kconfig
+++ b/arch/s390/crypto/Kconfig
@@ -112,7 +112,8 @@ config CRYPTO_CHACHA_S390
depends on S390
select CRYPTO_SKCIPHER
select CRYPTO_ARCH_HAVE_LIB_CHACHA
- default CRYPTO_LIB_CHACHA_INTERNAL
+ select CRYPTO_LIB_CHACHA_GENERIC
+ default CRYPTO_LIB_CHACHA
help
Length-preserving cipher: ChaCha20 stream cipher (RFC 7539)
diff --git a/arch/x86/crypto/Kconfig b/arch/x86/crypto/Kconfig
index d3128e99bac5..1f20425f6c87 100644
--- a/arch/x86/crypto/Kconfig
+++ b/arch/x86/crypto/Kconfig
@@ -7,7 +7,8 @@ config CRYPTO_CURVE25519_X86
depends on X86 && 64BIT
select CRYPTO_KPP
select CRYPTO_ARCH_HAVE_LIB_CURVE25519
- default CRYPTO_LIB_CURVE25519_INTERNAL
+ select CRYPTO_LIB_CURVE25519_GENERIC
+ default CRYPTO_LIB_CURVE25519
help
Curve25519 algorithm
@@ -353,7 +354,8 @@ config CRYPTO_CHACHA20_X86_64
depends on X86 && 64BIT
select CRYPTO_SKCIPHER
select CRYPTO_ARCH_HAVE_LIB_CHACHA
- default CRYPTO_LIB_CHACHA_INTERNAL
+ select CRYPTO_LIB_CHACHA_GENERIC
+ default CRYPTO_LIB_CHACHA
help
Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
stream cipher algorithms
@@ -422,7 +424,8 @@ config CRYPTO_POLY1305_X86_64
depends on X86 && 64BIT
select CRYPTO_HASH
select CRYPTO_ARCH_HAVE_LIB_POLY1305
- default CRYPTO_LIB_POLY1305_INTERNAL
+ select CRYPTO_LIB_POLY1305_GENERIC
+ default CRYPTO_LIB_POLY1305
help
Poly1305 authenticator algorithm (RFC7539)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index aac27a4668fd..6013850c114c 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -317,7 +317,7 @@ config CRYPTO_ECRDSA
config CRYPTO_CURVE25519
tristate "Curve25519"
select CRYPTO_KPP
- select CRYPTO_LIB_CURVE25519_INTERNAL
+ select CRYPTO_LIB_CURVE25519
help
Curve25519 elliptic curve (RFC7748)
@@ -615,7 +615,7 @@ config CRYPTO_ARC4
config CRYPTO_CHACHA20
tristate "ChaCha"
- select CRYPTO_LIB_CHACHA_INTERNAL
+ select CRYPTO_LIB_CHACHA
select CRYPTO_SKCIPHER
help
The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
@@ -936,7 +936,7 @@ config CRYPTO_POLYVAL
config CRYPTO_POLY1305
tristate "Poly1305"
select CRYPTO_HASH
- select CRYPTO_LIB_POLY1305_INTERNAL
+ select CRYPTO_LIB_POLY1305_GENERIC
help
Poly1305 authenticator algorithm (RFC7539)
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index 1fd5acdc73c6..417b691c7c53 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -82,18 +82,6 @@ config WIREGUARD
select CRYPTO
select CRYPTO_LIB_CURVE25519
select CRYPTO_LIB_CHACHA20POLY1305
- select CRYPTO_CHACHA20_X86_64 if X86 && 64BIT
- select CRYPTO_POLY1305_X86_64 if X86 && 64BIT
- select CRYPTO_BLAKE2S_X86 if X86 && 64BIT
- select CRYPTO_CURVE25519_X86 if X86 && 64BIT
- select CRYPTO_CHACHA20_NEON if ARM || (ARM64 && KERNEL_MODE_NEON)
- select CRYPTO_POLY1305_NEON if ARM64 && KERNEL_MODE_NEON
- select CRYPTO_POLY1305_ARM if ARM
- select CRYPTO_BLAKE2S_ARM if ARM
- select CRYPTO_CURVE25519_NEON if ARM && KERNEL_MODE_NEON
- select CRYPTO_CHACHA_MIPS if CPU_MIPS32_R2
- select CRYPTO_POLY1305_MIPS if MIPS
- select CRYPTO_CHACHA_S390 if S390
help
WireGuard is a secure, fast, and easy to use replacement for IPSec
that uses modern cryptography and clever networking tricks. It's
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index b09e78da959a..8fdb1a5de909 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -42,7 +42,7 @@ config CRYPTO_LIB_BLAKE2S_GENERIC
of CRYPTO_LIB_BLAKE2S.
config CRYPTO_ARCH_HAVE_LIB_CHACHA
- bool
+ tristate
help
Declares whether the architecture provides an arch-specific
accelerated implementation of the ChaCha library interface,
@@ -58,21 +58,16 @@ config CRYPTO_LIB_CHACHA_GENERIC
implementation is enabled, this implementation serves the users
of CRYPTO_LIB_CHACHA.
-config CRYPTO_LIB_CHACHA_INTERNAL
- tristate
- select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n
-
config CRYPTO_LIB_CHACHA
tristate "ChaCha library interface"
- select CRYPTO
- select CRYPTO_LIB_CHACHA_INTERNAL
+ select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n
help
Enable the ChaCha library interface. This interface may be fulfilled
by either the generic implementation or an arch-specific one, if one
is available and enabled.
config CRYPTO_ARCH_HAVE_LIB_CURVE25519
- bool
+ tristate
help
Declares whether the architecture provides an arch-specific
accelerated implementation of the Curve25519 library interface,
@@ -88,14 +83,9 @@ config CRYPTO_LIB_CURVE25519_GENERIC
implementation is enabled, this implementation serves the users
of CRYPTO_LIB_CURVE25519.
-config CRYPTO_LIB_CURVE25519_INTERNAL
- tristate
- select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n
-
config CRYPTO_LIB_CURVE25519
tristate "Curve25519 scalar multiplication library"
- select CRYPTO
- select CRYPTO_LIB_CURVE25519_INTERNAL
+ select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n
help
Enable the Curve25519 library interface. This interface may be
fulfilled by either the generic implementation or an arch-specific
@@ -112,7 +102,7 @@ config CRYPTO_LIB_POLY1305_RSIZE
default 1
config CRYPTO_ARCH_HAVE_LIB_POLY1305
- bool
+ tristate
help
Declares whether the architecture provides an arch-specific
accelerated implementation of the Poly1305 library interface,
@@ -127,14 +117,9 @@ config CRYPTO_LIB_POLY1305_GENERIC
implementation is enabled, this implementation serves the users
of CRYPTO_LIB_POLY1305.
-config CRYPTO_LIB_POLY1305_INTERNAL
- tristate
- select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n
-
config CRYPTO_LIB_POLY1305
tristate "Poly1305 library interface"
- select CRYPTO
- select CRYPTO_LIB_POLY1305_INTERNAL
+ select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n
help
Enable the Poly1305 library interface. This interface may be fulfilled
by either the generic implementation or an arch-specific one, if one
Powered by blists - more mailing lists