diff mbox

security/keys: make BIG_KEYS dependent on stdrng.

Message ID 1473179547-12101-1-git-send-email-k.marinushkin@gmail.com (mailing list archive)
State New, archived
Headers show

Commit Message

Kirill Marinushkin Sept. 6, 2016, 4:32 p.m. UTC 
> The other thing is that I have been given a conflicting patch (see
> below).  Is your fix preferable?

The patch you attached previously is v1; I submitted v2 after review by
Stephan Mueller. I additionally attach it here below.

IMO, the preferable fix depends on your future plan.
If you plan to continue using both ANSI X9.31 DRNG and DRBG - I agree with the
patch suggested by Artem Savkov.
If you plan to reduce using ANSI X9.31 DRNG and use DRBG more widely - I
suggest my patch.

Best Regards,
Kirill

---
From	Kirill Marinushkin <k.marinushkin@gmail.com>
Subject	[PATCH v2] KEYS: fix big_key dependency
Date	Tue, 16 Aug 2016 21:51:12 +0200

This patch fixes the following bug:
[oss-security] - panic at big_key_preparse #4.7-r6/rc7 & master

Signed-off-by: Kirill Marinushkin <k.marinushkin@gmail.com>
---
 security/keys/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

David Howells Sept. 6, 2016, 6:16 p.m. UTC | #1 
Kirill Marinushkin <k.marinushkin@gmail.com> wrote:

> IMO, the preferable fix depends on your future plan.
> If you plan to continue using both ANSI X9.31 DRNG and DRBG - I agree with the
> patch suggested by Artem Savkov.
> If you plan to reduce using ANSI X9.31 DRNG and use DRBG more widely - I
> suggest my patch.

No such plans, TBH.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Artem Savkov Oct. 6, 2016, 8 a.m. UTC | #2 
On Tue, Sep 06, 2016 at 07:16:13PM +0100, David Howells wrote:
> Kirill Marinushkin <k.marinushkin@gmail.com> wrote:
> 
> > IMO, the preferable fix depends on your future plan.
> > If you plan to continue using both ANSI X9.31 DRNG and DRBG - I agree with the
> > patch suggested by Artem Savkov.
> > If you plan to reduce using ANSI X9.31 DRNG and use DRBG more widely - I
> > suggest my patch.
> 
> No such plans, TBH.

I agre with Kirill here, so if we are not trying to reduce ANSI X9.31
DRNG usage can we move on with the suggested patch, or are there any
issues with it that need addressing?
David Howells Oct. 24, 2016, 2:50 p.m. UTC | #3 
Artem Savkov <asavkov@redhat.com> wrote:

> > > IMO, the preferable fix depends on your future plan.
> > > If you plan to continue using both ANSI X9.31 DRNG and DRBG - I agree with the
> > > patch suggested by Artem Savkov.
> > > If you plan to reduce using ANSI X9.31 DRNG and use DRBG more widely - I
> > > suggest my patch.
> > 
> > No such plans, TBH.
> 
> I agre with Kirill here, so if we are not trying to reduce ANSI X9.31
> DRNG usage can we move on with the suggested patch, or are there any
> issues with it that need addressing?

Which suggested patch?  One of Kirill's (there are at least two) or yours?

Note that we *also* need the "KEYS: Sort out big_key initialisation" patch -
just changing the Kconfig is not sufficient a fix in and of itself.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Artem Savkov Oct. 25, 2016, 10:26 a.m. UTC | #4 
On Mon, Oct 24, 2016 at 03:50:54PM +0100, David Howells wrote:
> Artem Savkov <asavkov@redhat.com> wrote:
> 
> > > > IMO, the preferable fix depends on your future plan.
> > > > If you plan to continue using both ANSI X9.31 DRNG and DRBG - I agree with the
> > > > patch suggested by Artem Savkov.
> > > > If you plan to reduce using ANSI X9.31 DRNG and use DRBG more widely - I
> > > > suggest my patch.
> > > 
> > > No such plans, TBH.
> > 
> > I agre with Kirill here, so if we are not trying to reduce ANSI X9.31
> > DRNG usage can we move on with the suggested patch, or are there any
> > issues with it that need addressing?
> 
> Which suggested patch?  One of Kirill's (there are at least two) or yours?

I suggest mine, since it is more flexible.

> Note that we *also* need the "KEYS: Sort out big_key initialisation" patch -
> just changing the Kconfig is not sufficient a fix in and of itself.

Right, I see it also changes the Kconfig, so we might be better off with
v2 of "KEYS: Sort out big_key initialisation" with "depends on
(CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)" in Kconfig.
David Howells Oct. 25, 2016, 11:37 a.m. UTC | #5 
Artem Savkov <asavkov@redhat.com> wrote:

> > Which suggested patch?  One of Kirill's (there are at least two) or yours?
> 
> I suggest mine, since it is more flexible.

Fine by me.

> > Note that we *also* need the "KEYS: Sort out big_key initialisation" patch -
> > just changing the Kconfig is not sufficient a fix in and of itself.
> 
> Right, I see it also changes the Kconfig

No, it doesn't.  It only changes big_key.c

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index f826e87..5bc5114 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -44,7 +44,7 @@  config BIG_KEYS
        select CRYPTO
        select CRYPTO_AES
        select CRYPTO_ECB
-       select CRYPTO_RNG
+       select CRYPTO_RNG_DEFAULT
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html