Date: Tue, 25 Oct 2016 12:26:37 +0200
From: Artem Savkov
To: David Howells
Cc: Kirill Marinushkin, paul.gortmaker@windriver.com, james.l.morris@oracle.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] security/keys: make BIG_KEYS dependent on stdrng.
Message-ID: <20161025102637.GB1768@shodan.usersys.redhat.com>
In-Reply-To: <32688.1477320654@warthog.procyon.org.uk>

On Mon, Oct 24, 2016 at 03:50:54PM +0100, David Howells wrote:
> Artem Savkov wrote:
>
> > > > IMO, the preferable fix depends on your future plan.
> > > > If you plan to continue using both ANSI X9.31 DRNG and DRBG - I agree with the
> > > > patch suggested by Artem Savkov.
> > > > If you plan to reduce using ANSI X9.31 DRNG and use DRBG more widely - I
> > > > suggest my patch.
> > >
> > > No such plans, TBH.
> >
> > I agree with Kirill here, so if we are not trying to reduce ANSI X9.31
> > DRNG usage can we move on with the suggested patch, or are there any
> > issues with it that need addressing?
>
> Which suggested patch? One of Kirill's (there are at least two) or yours?

I suggest mine, since it is more flexible.

> Note that we *also* need the "KEYS: Sort out big_key initialisation" patch -
> just changing the Kconfig is not sufficient a fix in and of itself.

Right, I see it also changes the Kconfig, so we might be better off with
v2 of "KEYS: Sort out big_key initialisation" with "depends on
(CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)" in Kconfig.

-- 
Regards,
Artem
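
A check of a kernel .config against the "depends on" expression quoted in the message above, as an added example that is not part of the original message or of any posted patch. The function names (parse_dotconfig, check_big_keys) and the sample .config fragments are hypothetical and constructed for illustration.

```python
import re

# Symbols named in the "depends on" line proposed in the message above.
RNG_SYMBOLS = ("CRYPTO_ANSI_CPRNG", "CRYPTO_DRBG")
_SET = re.compile(r"^CONFIG_(\w+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_(\w+) is not set$")


def parse_dotconfig(text):
    """Parse kernel .config text into {symbol: value}; unset symbols map to 'n'."""
    values = {}
    for raw in text.splitlines():
        m = _SET.match(raw.strip())
        if m:
            values[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(raw.strip())
        if m:
            values[m.group(1)] = "n"
    return values


def check_big_keys(text):
    """Return (ok, reason) for BIG_KEYS against the proposed dependency."""
    cfg = parse_dotconfig(text)
    if cfg.get("BIG_KEYS", "n") != "y":
        return True, "BIG_KEYS not enabled; dependency does not apply"
    builtin = [s for s in RNG_SYMBOLS if cfg.get(s, "n") == "y"]
    if builtin:
        return True, "built-in RNG available: " + ", ".join(builtin)
    # "= y" in the dependency means a modular (=m) RNG does not satisfy it.
    modular = [s for s in RNG_SYMBOLS if cfg.get(s, "n") == "m"]
    if modular:
        return False, "RNG only modular (=m): " + ", ".join(modular)
    return False, "no RNG symbol enabled"


# Constructed sample .config fragments (not taken from any real build).
SAMPLE_BAD = """\
CONFIG_KEYS=y
CONFIG_BIG_KEYS=y
CONFIG_CRYPTO_ANSI_CPRNG=m
# CONFIG_CRYPTO_DRBG is not set
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("# CONFIG_CRYPTO_DRBG is not set", "CONFIG_CRYPTO_DRBG=y")

if __name__ == "__main__":
    for name, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, check_big_keys(sample))
```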