lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250423232008.GA2305@sol.localdomain>
Date: Wed, 23 Apr 2025 16:20:08 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/9] crypto: tcrypt - remove CRYPTO_TEST from
 defconfigs

On Wed, Apr 23, 2025 at 08:49:24AM +0200, Geert Uytterhoeven wrote:
> Hi Eric,
> 
> (replaying my response to v1, which I wrote before I noticed there was a v2)
> 
> On Tue, 22 Apr 2025 at 17:23, Eric Biggers <ebiggers@...nel.org> wrote:
> > From: Eric Biggers <ebiggers@...gle.com>
> >
> > CONFIG_CRYPTO_TEST enables a benchmarking module that is only really
> > useful for developers working on the crypto subsystem.  It is in a bunch
> > of defconfigs.  But as with most of the other crypto options that tend
> > to be randomly set in defconfigs, it is unlikely that much thought was
> > put into these, especially when placed in "production" defconfigs.
> > Clear it out of the defconfigs for now.
> >
> > Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> 
> Thanks for your patch!
> 
> All of these are modular, so I don't think it's a big issue, even on
> "production" defconfigs. It just means the test is available when
> someone feels the urge to run it.
> Hence I try to make all tests available as modules in m68k defconfigs.
> 
> Gr{oetje,eeting}s,
> 

Okay, but again note that this option isn't the actual crypto tests.  It's a
benchmark.  Patch #2 renames CONFIG_CRYPTO_TEST to CONFIG_CRYPTO_BENCHMARK
accordingly.  The actual crypto tests are not modular and are controlled by the
inverted option CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, changed to
CONFIG_CRYPTO_SELFTESTS by patch #5.  CONFIG_CRYPTO_TEST did used to be the
actual tests, but that changed in 2008, and no one ever fixed it.

Due to the renaming I'd need to update the defconfigs anyway, and I figured just
clearing out the option is the right choice in most cases.  Hence this patch.
But if you do understand what this option does and think it should be kept in as
CONFIG_CRYPTO_BENCHMARK=m, we can do that instead (for all defconfigs that had
it, presumably?).

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ