Date: Tue, 6 Sep 2016 15:25:57 +0200
From: Artem Savkov
To: David Howells
Cc: Kirill Marinushkin, paul.gortmaker@windriver.com, james.l.morris@oracle.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] security/keys: make BIG_KEYS dependent on stdrng.
Message-ID: <20160906132557.GB9055@shodan.usersys.redhat.com>

On Tue, Sep 06, 2016 at 02:11:56PM +0100, David Howells wrote:
> Artem Savkov wrote:
>
> > > > - select CRYPTO > > > > + depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
> > >
> > > Should those be "==" not "="?
> >
> > According to Documentation/kbuild/kconfig-language.txt (line 173) it is
> > "=" and I can only see "=" being used in existing Kconfigs.
>
> Okay. The other thing is that I have been given a conflicting patch (see
> below). Is your fix preferable?
>
> David
> ---
> commit 69ed34b303f87a1a53470dd37149ac1573d79da2
> Author: Kirill Marinushkin
> Date: Mon, 8 Aug 2016 23:19:32 +0200
>
> KEYS: fix big_key dependency
>
> Signed-off-by: Kirill Marinushkin
> cc: David Howells
> cc: Peter Hlavaty
> cc: Greg KH
> cc: stable@vger.kernel.org
> ---
> security/keys/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/keys/Kconfig b/security/keys/Kconfig > index f826e87..8213221 100644 > --- a/security/keys/Kconfig > +++ b/security/keys/Kconfig
> @@ -44,7 +44,7 @@ config BIG_KEYS > select CRYPTO > select CRYPTO_AES > select CRYPTO_ECB > - select CRYPTO_RNG > + select CRYPTO_ANSI_CPRNG > help > This option provides support for holding large keys within the kernel > (for example Kerberos ticket caches). The data may be stored out to

I would argue that locking a user into a specific stdrng implementation
is not something that should be done when there are options available.

--
Regards,
Artem
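
Review bot: the `+ select CRYPTO_ANSI_CPRNG` line in the `config BIG_KEYS` hunk replaces `select CRYPTO_RNG` with no explanation, because the commit message is only a subject line and tags even though it is cc'd to stable. Add a body that says what fails with the current `select CRYPTO_RNG` and under which configuration, and state whether CRYPTO_ANSI_CPRNG is meant to be the only acceptable generator, given that the competing change quoted in this thread accepts either `CRYPTO_ANSI_CPRNG = y` or `CRYPTO_DRBG = y`.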
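
Review bot: in the quoted `+ depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)` line, both comparisons are against `y`, so a generator built as a module does not satisfy the dependency, and nothing in the visible change tells the user that. If built-in only is intended, say so in the commit message and in the BIG_KEYS help text. Moving from `select` to `depends on` also means BIG_KEYS is no longer offered until one of the two options is already enabled, so the help text should name them.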