Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros
On Sun, Jun 29, 2014 at 01:37:05PM +0200, Stephan Mueller wrote: When looking into the documentation and trying it I found: - bool choices allow me to only select one option, and only one - tristate choices allow me to only select one option, if the initial tristate is set to yes. If the initial tristate is set to module, it allows zero to all options to be set. That said, neither covers my requirement here: require that at least one option is set, but allow more options. I have added the following patch to solve this problem. Please respin your patch against this. commit f2c89a10de4fd123a3d15223d26994f2fe1b95d8 Author: Herbert Xu herb...@gondor.apana.org.au Date: Fri Jul 4 22:15:08 2014 +0800 crypto: drbg - Use Kconfig to ensure at least one RNG option is set This patch removes the build-time test that ensures at least one RNG is set. Instead we will simply not build drbg if no options are set through Kconfig. This also fixes a typo in the name of the Kconfig option CRYTPO_DRBG (should be CRYPTO_DRBG). Signed-off-by: Herbert Xu herb...@gondor.apana.org.au diff --git a/crypto/Kconfig b/crypto/Kconfig index 1dca374..6345c47 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -23,7 +23,7 @@ comment Crypto core or helper config CRYPTO_FIPS bool FIPS 200 compliance - depends on (CRYPTO_ANSI_CPRNG || CRYTPO_DRBG) !CRYPTO_MANAGER_DISABLE_TESTS + depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) !CRYPTO_MANAGER_DISABLE_TESTS depends on MODULE_SIG help This options enables the fips boot option which is @@ -1394,39 +1394,39 @@ config CRYPTO_ANSI_CPRNG ANSI X9.31 A.2.4. Note that this option must be enabled if CRYPTO_FIPS is selected -menuconfig CRYTPO_DRBG +menuconfig CRYPTO_DRBG_MENU tristate NIST SP800-90A DRBG - depends on CRYPTO - select CRYPTO_RNG help NIST SP800-90A compliant DRBG. In the following submenu, one or more of the DRBG types must be selected. -if CRYTPO_DRBG +if CRYPTO_DRBG_MENU config CRYPTO_DRBG_HMAC bool Enable HMAC DRBG default y - depends on CRYTPO_DRBG select CRYPTO_HMAC help Enable the HMAC DRBG variant as defined in NIST SP800-90A. config CRYPTO_DRBG_HASH bool Enable Hash DRBG - depends on CRYTPO_DRBG select CRYPTO_HASH help Enable the Hash DRBG variant as defined in NIST SP800-90A. config CRYPTO_DRBG_CTR bool Enable CTR DRBG - depends on CRYTPO_DRBG select CRYPTO_AES help Enable the CTR DRBG variant as defined in NIST SP800-90A. -endif #CRYTPO_DRBG +config CRYPTO_DRBG + tristate + default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR) + select CRYPTO_RNG + +endif # if CRYPTO_DRBG_MENU config CRYPTO_USER_API tristate diff --git a/crypto/Makefile b/crypto/Makefile index bfa94fa..cfa57b3 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -92,7 +92,7 @@ obj-$(CONFIG_CRYPTO_842) += 842.o obj-$(CONFIG_CRYPTO_RNG2) += rng.o obj-$(CONFIG_CRYPTO_RNG2) += krng.o obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o -obj-$(CONFIG_CRYTPO_DRBG) += drbg.o +obj-$(CONFIG_CRYPTO_DRBG) += drbg.o obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o obj-$(CONFIG_CRYPTO_USER_API) += af_alg.o diff --git a/crypto/drbg.c b/crypto/drbg.c index d6621a6..acc7523 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -99,12 +99,6 @@ #include crypto/drbg.h -#if !defined(CONFIG_CRYPTO_DRBG_HASH) \ - !defined(CONFIG_CRYPTO_DRBG_HMAC) \ - !defined(CONFIG_CRYPTO_DRBG_CTR) -#warning The DRBG code is useless without compiling at least one DRBG type -#endif - /*** * Backend cipher definitions available to DRBG ***/ Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros
Am Freitag, 4. Juli 2014, 22:15:41 schrieb Herbert Xu: Hi Herbert, On Sun, Jun 29, 2014 at 01:37:05PM +0200, Stephan Mueller wrote: When looking into the documentation and trying it I found: - bool choices allow me to only select one option, and only one - tristate choices allow me to only select one option, if the initial tristate is set to yes. If the initial tristate is set to module, it allows zero to all options to be set. That said, neither covers my requirement here: require that at least one option is set, but allow more options. I have added the following patch to solve this problem. Thank you very much for the help. I will test it once it is present on the server. Please respin your patch against this. All patches that have been sent so far and not applied will be respun around the new code level once the updated code appears on the server. -- Ciao Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros
On 06/28/14 22:07, Stephan Mueller wrote:
Am Sonntag, 29. Juni 2014, 12:20:15 schrieb Stephen Rothwell:
Hi Stephen,
Hi Stephan,
On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de
wrote:
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 6679a26..03a230e 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -102,8 +102,13 @@
#if !defined(CONFIG_CRYPTO_DRBG_HASH) \
!defined(CONFIG_CRYPTO_DRBG_HMAC) \
!defined(CONFIG_CRYPTO_DRBG_CTR)
-#warning The DRBG code is useless without compiling at least one DRBG
type -#endif
+#define CRYPTO_DRBG_NONE_STRING none
+static int __init drbg_init(void)
+{
+ pr_warn(DRBG: no DRBG core was compiled!\n);
+ return -EFAULT;
+}
+#else
Wouldn't this be better handled by Kconfig so that we don't even try to
build this unless one of the required core modules is chosen?
I tried that, but it seems that my Kconfig Foo is not too well: adding the
DRBG cores to the depends line of CRYPTO_DRBG as indicated in the following,
I
have a circular dependency. With that circular dependency, the DRBG entries
do
not show up in make menuconfig.
menuconfig CRYTPO_DRBG
tristate NIST SP800-90A DRBG
depends on CRYPTO (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_CTR ||
CRYPTO_DRBG_HASH)
...
if CRYTPO_DRBG
config CRYPTO_DRBG_HMAC
bool Enable HMAC DRBG
default y
depends on CRYTPO_DRBG
Do you have a working solution in mind? The goal is that once CRYPTO_DRBG is
selected, at least one of the DRBG cores must be selected.
That sounds like a 'choice' Kconfig could be used.
Have you looked at that possibility?
See Documentation/kbuild/kconfig-language.txt and search for 'choice'.
--
~Randy
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros
Am Sonntag, 29. Juni 2014, 00:41:22 schrieb Randy Dunlap:
Hi Randy,
On 06/28/14 22:07, Stephan Mueller wrote:
Am Sonntag, 29. Juni 2014, 12:20:15 schrieb Stephen Rothwell:
Hi Stephen,
Hi Stephan,
On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de
wrote:
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 6679a26..03a230e 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -102,8 +102,13 @@
#if !defined(CONFIG_CRYPTO_DRBG_HASH) \
!defined(CONFIG_CRYPTO_DRBG_HMAC) \
!defined(CONFIG_CRYPTO_DRBG_CTR)
-#warning The DRBG code is useless without compiling at least one DRBG
type -#endif
+#define CRYPTO_DRBG_NONE_STRING none
+static int __init drbg_init(void)
+{
+ pr_warn(DRBG: no DRBG core was compiled!\n);
+ return -EFAULT;
+}
+#else
Wouldn't this be better handled by Kconfig so that we don't even try to
build this unless one of the required core modules is chosen?
I tried that, but it seems that my Kconfig Foo is not too well: adding the
DRBG cores to the depends line of CRYPTO_DRBG as indicated in the
following, I have a circular dependency. With that circular dependency,
the DRBG entries do not show up in make menuconfig.
menuconfig CRYTPO_DRBG
tristate NIST SP800-90A DRBG
depends on CRYPTO (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_CTR ||
CRYPTO_DRBG_HASH)
...
if CRYTPO_DRBG
config CRYPTO_DRBG_HMAC
bool Enable HMAC DRBG
default y
depends on CRYTPO_DRBG
Do you have a working solution in mind? The goal is that once CRYPTO_DRBG
is selected, at least one of the DRBG cores must be selected.
That sounds like a 'choice' Kconfig could be used.
Have you looked at that possibility?
See Documentation/kbuild/kconfig-language.txt and search for 'choice'.
When looking into the documentation and trying it I found:
- bool choices allow me to only select one option, and only one
- tristate choices allow me to only select one option, if the initial tristate
is set to yes. If the initial tristate is set to module, it allows zero to all
options to be set.
That said, neither covers my requirement here: require that at least one
option is set, but allow more options.
Thanks
Stephan
--
| Cui bono? |
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/4] DRBG: cleanup of preprocessor macros
The structure used to construct the module description line was marked
problematic by the sparse code analysis tool. The module line
description now does not contain any ifdefs to prevent error reports
from sparse.
The preprocessor warning declaration was reported by sparse. It is
replaced in favor of an init function reporting the erroneous built of
the DRBG.
Lastly, a fix of the use use of CONFIG_CRYPTO_DRBG_HASH has been
applied.
Reported-by: kbuild test robot fengguang...@intel.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/drbg.c | 43 +++
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 6679a26..03a230e 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -102,8 +102,13 @@
#if !defined(CONFIG_CRYPTO_DRBG_HASH) \
!defined(CONFIG_CRYPTO_DRBG_HMAC) \
!defined(CONFIG_CRYPTO_DRBG_CTR)
-#warning The DRBG code is useless without compiling at least one DRBG type
-#endif
+#define CRYPTO_DRBG_NONE_STRING none
+static int __init drbg_init(void)
+{
+ pr_warn(DRBG: no DRBG core was compiled!\n);
+ return -EFAULT;
+}
+#else
/***
* Backend cipher definitions available to DRBG
@@ -362,6 +367,7 @@ static inline void drbg_add_buf(unsigned char *dst, size_t
dstlen,
**/
#ifdef CONFIG_CRYPTO_DRBG_CTR
+#define CRYPTO_DRBG_CTR_STRING CTR
static int drbg_kcapi_sym(struct drbg_state *drbg, const unsigned char *key,
unsigned char *outval, const struct drbg_string *in);
static int drbg_init_sym_kernel(struct drbg_state *drbg);
@@ -715,6 +721,7 @@ static int drbg_fini_hash_kernel(struct drbg_state *drbg);
#endif /* (CONFIG_CRYPTO_DRBG_HASH || CONFIG_CRYPTO_DRBG_HMAC) */
#ifdef CONFIG_CRYPTO_DRBG_HMAC
+#define CRYPTO_DRBG_HMAC_STRING HMAC
/* update function of HMAC DRBG as defined in 10.1.2.2 */
static int drbg_hmac_update(struct drbg_state *drbg, struct list_head *seed,
int reseed)
@@ -834,6 +841,7 @@ static struct drbg_state_ops drbg_hmac_ops = {
**/
#ifdef CONFIG_CRYPTO_DRBG_HASH
+#define CRYPTO_DRBG_HASH_STRING HASH
/*
* scratchpad usage: as drbg_hash_update and drbg_hash_df are used
* interlinked, the scratchpad is used as follows:
@@ -1865,7 +1873,7 @@ static inline int __init drbg_healthcheck_sanity(void)
#ifdef CONFIG_CRYPTO_DRBG_CTR
drbg_convert_tfm_core(drbg_nopr_ctr_aes128, coreref, pr);
-#elif CONFIG_CRYPTO_DRBG_HASH
+#elif defined CONFIG_CRYPTO_DRBG_HASH
drbg_convert_tfm_core(drbg_nopr_sha256, coreref, pr);
#else
drbg_convert_tfm_core(drbg_nopr_hmac_sha256, coreref, pr);
@@ -2005,18 +2013,29 @@ void __exit drbg_exit(void)
crypto_unregister_algs(drbg_algs, (ARRAY_SIZE(drbg_cores) * 2));
}
-module_init(drbg_init);
module_exit(drbg_exit);
+#endif /* !defined(CONFIG_CRYPTO_DRBG_HASH) \
+ !defined(CONFIG_CRYPTO_DRBG_HMAC) \
+ !defined(CONFIG_CRYPTO_DRBG_CTR) */
+
+module_init(drbg_init);
MODULE_LICENSE(GPL);
MODULE_AUTHOR(Stephan Mueller smuel...@chronox.de);
-MODULE_DESCRIPTION(NIST SP800-90A Deterministic Random Bit Generator (DRBG)
using following cores:
-#ifdef CONFIG_CRYPTO_DRBG_HMAC
-HMAC
+#ifndef CRYPTO_DRBG_NONE_STRING
+#define CRYPTO_DRBG_NONE_STRING
#endif
-#ifdef CONFIG_CRYPTO_DRBG_HASH
-Hash
+#ifndef CRYPTO_DRBG_HASH_STRING
+#define CRYPTO_DRBG_HASH_STRING
#endif
-#ifdef CONFIG_CRYPTO_DRBG_CTR
-CTR
+#ifndef CRYPTO_DRBG_HMAC_STRING
+#define CRYPTO_DRBG_HMAC_STRING
+#endif
+#ifndef CRYPTO_DRBG_CTR_STRING
+#define CRYPTO_DRBG_CTR_STRING
#endif
-);
+MODULE_DESCRIPTION(NIST SP800-90A Deterministic Random Bit Generator (DRBG)
+ using following cores:
+ CRYPTO_DRBG_NONE_STRING
+ CRYPTO_DRBG_HMAC_STRING
+ CRYPTO_DRBG_HASH_STRING
+ CRYPTO_DRBG_CTR_STRING);
--
1.9.3
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros
Hi Stephan,
On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de wrote:
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 6679a26..03a230e 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -102,8 +102,13 @@
#if !defined(CONFIG_CRYPTO_DRBG_HASH) \
!defined(CONFIG_CRYPTO_DRBG_HMAC) \
!defined(CONFIG_CRYPTO_DRBG_CTR)
-#warning The DRBG code is useless without compiling at least one DRBG type
-#endif
+#define CRYPTO_DRBG_NONE_STRING none
+static int __init drbg_init(void)
+{
+ pr_warn(DRBG: no DRBG core was compiled!\n);
+ return -EFAULT;
+}
+#else
Wouldn't this be better handled by Kconfig so that we don't even try to
build this unless one of the required core modules is chosen?
--
Cheers,
Stephen Rothwells...@canb.auug.org.au
signature.asc
Description: PGP signature
Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros
Am Sonntag, 29. Juni 2014, 12:20:15 schrieb Stephen Rothwell:
Hi Stephen,
Hi Stephan,
On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de
wrote:
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 6679a26..03a230e 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -102,8 +102,13 @@
#if !defined(CONFIG_CRYPTO_DRBG_HASH) \
!defined(CONFIG_CRYPTO_DRBG_HMAC) \
!defined(CONFIG_CRYPTO_DRBG_CTR)
-#warning The DRBG code is useless without compiling at least one DRBG
type -#endif
+#define CRYPTO_DRBG_NONE_STRING none
+static int __init drbg_init(void)
+{
+ pr_warn(DRBG: no DRBG core was compiled!\n);
+ return -EFAULT;
+}
+#else
Wouldn't this be better handled by Kconfig so that we don't even try to
build this unless one of the required core modules is chosen?
I tried that, but it seems that my Kconfig Foo is not too well: adding the
DRBG cores to the depends line of CRYPTO_DRBG as indicated in the following, I
have a circular dependency. With that circular dependency, the DRBG entries do
not show up in make menuconfig.
menuconfig CRYTPO_DRBG
tristate NIST SP800-90A DRBG
depends on CRYPTO (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_CTR ||
CRYPTO_DRBG_HASH)
...
if CRYTPO_DRBG
config CRYPTO_DRBG_HMAC
bool Enable HMAC DRBG
default y
depends on CRYTPO_DRBG
Do you have a working solution in mind? The goal is that once CRYPTO_DRBG is
selected, at least one of the DRBG cores must be selected.
Thanks
Stephan
--
| Cui bono? |
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
