2:40 p.m.
From: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
CONFIG_CRYPTO_SM2:
Generic implementation of the SM2 public key algorithm. It was
published by State Encryption Management Bureau, China.
as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
References:
https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
http://www.gmbz.org.cn/main/bzlb.html
Symbol: CRYPTO_SM2 [=n]
Type : tristate
Defined at crypto/Kconfig:263
Prompt: SM2 algorithm
Depends on: CRYPTO [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
---
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
Allow obsolete cryptographic algorithms to be selected that have
already been phased out from internal use by the kernel, and are
only useful for userspace clients that still rely on them.
Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
Type : bool
Defined at crypto/Kconfig:1915
Prompt: Enable obsolete cryptographic algorithms for userspace
Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
---
CONFIG_CRYPTO_USER_API_RNG_CAVP:
This option enables extra API for CAVP testing via the user-space
interface: resetting of DRBG entropy, and providing Additional Data.
This should only be enabled for CAVP testing. You should say
no unless you know what this is.
Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
Type : bool
Defined at crypto/Kconfig:1895
Prompt: Enable CAVP testing of DRBG
Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
Location:
-> Cryptographic API (CRYPTO [=y])
-> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
---
Cc: Herbert Xu <herbert.xu(a)redhat.com>
Cc: "David S. Miller" <davem(a)redhat.com>
Cc: Ondrej Mosnacek <omosnace(a)redhat.com>
Signed-off-by: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
---
.../configs/common/generic/CONFIG_CRYPTO_SM2 | 1 +
.../CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE | 1 +
.../generic/CONFIG_CRYPTO_USER_API_RNG_CAVP | 1 +
.../pending-common/generic/CONFIG_CRYPTO_SM2 | 23 -------------------
.../CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE | 17 --------------
.../generic/CONFIG_CRYPTO_USER_API_RNG_CAVP | 19 ---------------
6 files changed, 3 insertions(+), 59 deletions(-)
create mode 100644 redhat/configs/common/generic/CONFIG_CRYPTO_SM2
create mode 100644 redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
create mode 100644 redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
delete mode 100644 redhat/configs/pending-common/generic/CONFIG_CRYPTO_SM2
delete mode 100644
redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
delete mode 100644 redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
diff --git a/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
new file mode 100644
index 000000000000..0d8c1b551abf
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_SM2 is not set
diff --git a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
new file mode 100644
index 000000000000..21d316c28741
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
@@ -0,0 +1 @@
+CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
diff --git a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
new file mode 100644
index 000000000000..7826178972a9
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
diff --git a/redhat/configs/pending-common/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/pending-common/generic/CONFIG_CRYPTO_SM2
deleted file mode 100644
index b577bb249279..000000000000
--- a/redhat/configs/pending-common/generic/CONFIG_CRYPTO_SM2
+++ /dev/null
@@ -1,23 +0,0 @@
-# CONFIG_CRYPTO_SM2:
-#
-# Generic implementation of the SM2 public key algorithm. It was
-# published by State Encryption Management Bureau, China.
-# as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
-#
-# References:
-# https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
-# http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
-# http://www.gmbz.org.cn/main/bzlb.html
-#
-# Symbol: CRYPTO_SM2 [=n]
-# Type : tristate
-# Defined at crypto/Kconfig:263
-# Prompt: SM2 algorithm
-# Depends on: CRYPTO [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
-#
-#
-#
-# CONFIG_CRYPTO_SM2 is not set
diff --git a/redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
deleted file mode 100644
index b8bda73dbf55..000000000000
--- a/redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
+++ /dev/null
@@ -1,17 +0,0 @@
-# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
-#
-# Allow obsolete cryptographic algorithms to be selected that have
-# already been phased out from internal use by the kernel, and are
-# only useful for userspace clients that still rely on them.
-#
-# Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
-# Type : bool
-# Defined at crypto/Kconfig:1915
-# Prompt: Enable obsolete cryptographic algorithms for userspace
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-#
-#
-#
-CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
diff --git a/redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
deleted file mode 100644
index 7e0c667a45ce..000000000000
--- a/redhat/configs/pending-common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
+++ /dev/null
@@ -1,19 +0,0 @@
-# CONFIG_CRYPTO_USER_API_RNG_CAVP:
-#
-# This option enables extra API for CAVP testing via the user-space
-# interface: resetting of DRBG entropy, and providing Additional Data.
-# This should only be enabled for CAVP testing. You should say
-# no unless you know what this is.
-#
-# Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
-# Type : bool
-# Defined at crypto/Kconfig:1895
-# Prompt: Enable CAVP testing of DRBG
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# -> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
-#
-#
-#
-# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
--
GitLab
7:50 a.m.
On Tue, Oct 13, 2020 at 9:40 PM GitLab Bridge on behalf of jeremycline
<cki-gitlab(a)redhat.com> wrote:
From: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
CONFIG_CRYPTO_SM2:
Generic implementation of the SM2 public key algorithm. It was
published by State Encryption Management Bureau, China.
as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
References:
https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
http://www.gmbz.org.cn/main/bzlb.html
Symbol: CRYPTO_SM2 [=n]
Type : tristate
Defined at crypto/Kconfig:263
Prompt: SM2 algorithm
Depends on: CRYPTO [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
Looking at the current state of SM* configs in ARK, there seems to be
some disconnect:
ark/generic/CONFIG_CRYPTO_SM3:# CONFIG_CRYPTO_SM3 is not set
ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE:CONFIG_CRYPTO_SM3_ARM64_CE=m
ark/generic/CONFIG_CRYPTO_SM4:# CONFIG_CRYPTO_SM4 is not set
ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE:CONFIG_CRYPTO_SM4_ARM64_CE=m
ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE:#
CONFIG_CRYPTO_SM3_ARM64_CE is not set
ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4:CONFIG_CRYPTO_SM4=m
Why is CONFIG_CRYPTO_SM4 enabled only on aarch64? Why is
CONFIG_CRYPTO_SM3_ARM64_CE enabled, but CONFIG_CRYPTO_SM3 is not?
These should be consolidated.
Herbert, what is your opinion? I guess we would like to have the
Chinese algorithms enabled on ARK/RHEL? It seems very likely that some
Chinese customers would want them.
---
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
Allow obsolete cryptographic algorithms to be selected that have
already been phased out from internal use by the kernel, and are
only useful for userspace clients that still rely on them.
Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
Type : bool
Defined at crypto/Kconfig:1915
Prompt: Enable obsolete cryptographic algorithms for userspace
Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
I'd be inclined to recommend disabling this (and the 4 corresponding
configs - see [1]) in both Fedora and ARK. These somewhat obscure
algorithms have no in-kernel users and it is very unlikely that they
would be used from userspace (via dm-crypt/AF_ALG). Opinions?
[1] https://lore.kernel.org/linux-crypto/20200911141103.14832-1-ardb@kernel.org/
---
CONFIG_CRYPTO_USER_API_RNG_CAVP:
This option enables extra API for CAVP testing via the user-space
interface: resetting of DRBG entropy, and providing Additional Data.
This should only be enabled for CAVP testing. You should say
no unless you know what this is.
Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
Type : bool
Defined at crypto/Kconfig:1895
Prompt: Enable CAVP testing of DRBG
Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
Location:
-> Cryptographic API (CRYPTO [=y])
-> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
I don't know if this would be useful for some certification on RHEL,
but probably can be left disabled.
(My 2 cents...)
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
8:48 a.m.
On Tue, 2020-10-20 at 14:50 +0200, Ondrej Mosnacek wrote:
On Tue, Oct 13, 2020 at 9:40 PM GitLab Bridge on behalf of
jeremycline
<cki-gitlab(a)redhat.com> wrote:
> From: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
>
> Hi,
>
> As part of the ongoing rebase effort, the following configuration
> options need to be reviewed.
>
> As a reminder, the ARK configuration flow involves moving unreviewed
> configuration options from the pending directory to the ark directory.
> In the diff below, options are removed from the pending directory and
> added to the ark hierarchy. The final options that need to be ACKed
> are the files that are being added to the ark hierarchy.
>
> If the value for a file that is added should be changed, please reply
> with a better option.
>
> CONFIG_CRYPTO_SM2:
>
> Generic implementation of the SM2 public key algorithm. It was
> published by State Encryption Management Bureau, China.
> as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
>
> References:
> https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
> http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
> http://www.gmbz.org.cn/main/bzlb.html
>
> Symbol: CRYPTO_SM2 [=n]
> Type : tristate
> Defined at crypto/Kconfig:263
> Prompt: SM2 algorithm
> Depends on: CRYPTO [=y]
> Location:
> -> Cryptographic API (CRYPTO [=y])
> Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER
[=y] && MPILIB [=y] && ASN1 [=y]
Looking at the current state of SM* configs in ARK, there seems to be
some disconnect:
ark/generic/CONFIG_CRYPTO_SM3:# CONFIG_CRYPTO_SM3 is not set
ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE:CONFIG_CRYPTO_SM3_ARM64_CE=m
ark/generic/CONFIG_CRYPTO_SM4:# CONFIG_CRYPTO_SM4 is not set
ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE:CONFIG_CRYPTO_SM4_ARM64_CE=m
ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE:#
CONFIG_CRYPTO_SM3_ARM64_CE is not set
ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4:CONFIG_CRYPTO_SM4=m
Why is CONFIG_CRYPTO_SM4 enabled only on aarch64? Why is
CONFIG_CRYPTO_SM3_ARM64_CE enabled, but CONFIG_CRYPTO_SM3 is not?
These should be consolidated.
And shouldn't the *_ARM64_* configs be under generic/arm/aarch64 rather than generic?
I don't see a need for CONFIG_CRYPTO_SM4 because all the platforms we care about will
have the crypto enhancement (ARM64_CE) insns.
2:08 a.m.
From: Herbert Xu on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_43803...
On Tue, Oct 20, 2020 at 02:50:15PM +0200, Ondrej Mosnacek wrote:
Looking at the current state of SM* configs in ARK, there seems to be
some disconnect:
ark/generic/CONFIG_CRYPTO_SM3:# CONFIG_CRYPTO_SM3 is not set
ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE:CONFIG_CRYPTO_SM3_ARM64_CE=m
ark/generic/CONFIG_CRYPTO_SM4:# CONFIG_CRYPTO_SM4 is not set
ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE:CONFIG_CRYPTO_SM4_ARM64_CE=m
ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE:#
CONFIG_CRYPTO_SM3_ARM64_CE is not set
ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4:CONFIG_CRYPTO_SM4=m
Why is CONFIG_CRYPTO_SM4 enabled only on aarch64? Why is
CONFIG_CRYPTO_SM3_ARM64_CE enabled, but CONFIG_CRYPTO_SM3 is not?
These should be consolidated.
Herbert, what is your opinion? I guess we would like to have the
Chinese algorithms enabled on ARK/RHEL? It seems very likely that some
Chinese customers would want them.
I agree, setting these options all to m would make sense.
I'd be inclined to recommend disabling this (and the 4
corresponding
configs - see [1]) in both Fedora and ARK. These somewhat obscure
algorithms have no in-kernel users and it is very unlikely that they
would be used from userspace (via dm-crypt/AF_ALG). Opinions?
[1] https://lore.kernel.org/linux-
crypto/20200911141103.14832-1-ardb(a)kernel.org/
Yes we should do that.
> CONFIG_CRYPTO_USER_API_RNG_CAVP:
>
> This option enables extra API for CAVP testing via the user-space
> interface: resetting of DRBG entropy, and providing Additional
Data.
> This should only be enabled for CAVP testing. You should say
> no unless you know what this is.
>
> Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
> Type : bool
> Defined at crypto/Kconfig:1895
> Prompt: Enable CAVP testing of DRBG
> Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] &&
CRYPTO_DRBG [=y]
> Location:
> -> Cryptographic API (CRYPTO [=y])
> -> User-space interface for random number generator
algorithms
(CRYPTO_USER_API_RNG [=y])
I don't know if this would be useful for some certification on RHEL,
but probably can be left disabled.
Yes indeed.
Thanks,
6:24 a.m.
New subject: [OS-BUILD PATCHv2] [redhat] New configs in crypto/Kconfig
From: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
[redhat] New configs in crypto/Kconfig
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
CONFIG_CRYPTO_SM2:
Generic implementation of the SM2 public key algorithm. It was
published by State Encryption Management Bureau, China.
as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
References:
https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
http://www.gmbz.org.cn/main/bzlb.html
Symbol: CRYPTO_SM2 [=n]
Type : tristate
Defined at crypto/Kconfig:263
Prompt: SM2 algorithm
Depends on: CRYPTO [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
---
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
Allow obsolete cryptographic algorithms to be selected that have
already been phased out from internal use by the kernel, and are
only useful for userspace clients that still rely on them.
Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
Type : bool
Defined at crypto/Kconfig:1915
Prompt: Enable obsolete cryptographic algorithms for userspace
Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
---
CONFIG_CRYPTO_USER_API_RNG_CAVP:
This option enables extra API for CAVP testing via the user-space
interface: resetting of DRBG entropy, and providing Additional Data.
This should only be enabled for CAVP testing. You should say
no unless you know what this is.
Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
Type : bool
Defined at crypto/Kconfig:1895
Prompt: Enable CAVP testing of DRBG
Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
Location:
-> Cryptographic API (CRYPTO [=y])
-> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
---
Cc: Herbert Xu <herbert.xu(a)redhat.com>
Cc: "David S. Miller" <davem(a)redhat.com>
Cc: Ondrej Mosnacek <omosnace(a)redhat.com>
Signed-off-by: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
b/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_CRYPTO_SM3 is not set
diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
--- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_CRYPTO_SM3_ARM64_CE is not set
diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
--- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_CRYPTO_SM4=m
diff a/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- /dev/null
+++ b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
@@ -0,0 +1 @@
+CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
@@ -1 +1 @@
-CONFIG_CRYPTO_ANUBIS=m
+# CONFIG_CRYPTO_ANUBIS is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
@@ -1 +1 @@
-CONFIG_CRYPTO_ARC4=m
+# CONFIG_CRYPTO_ARC4 is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
@@ -1 +1 @@
-CONFIG_CRYPTO_KHAZAD=m
+# CONFIG_CRYPTO_KHAZAD is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
@@ -1 +1 @@
-CONFIG_CRYPTO_SEED=m
+# CONFIG_CRYPTO_SEED is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
@@ -0,0 +1 @@
+CONFIG_CRYPTO_SM2=m
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
@@ -1 +1 @@
-CONFIG_CRYPTO_TEA=m
+# CONFIG_CRYPTO_TEA is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE
b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE
+++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
+++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
+++ /dev/null
@@ -1,23 +0,0 @@
-# CONFIG_CRYPTO_SM2:
-#
-# Generic implementation of the SM2 public key algorithm. It was
-# published by State Encryption Management Bureau, China.
-# as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
-#
-# References:
-# https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
-# http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
-# http://www.gmbz.org.cn/main/bzlb.html
-#
-# Symbol: CRYPTO_SM2 [=n]
-# Type : tristate
-# Defined at crypto/Kconfig:263
-# Prompt: SM2 algorithm
-# Depends on: CRYPTO [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# Selects: CRYPTO_SM3 [=m] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
-#
-#
-#
-CONFIG_CRYPTO_SM2=m
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
+++ /dev/null
@@ -1,17 +0,0 @@
-# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
-#
-# Allow obsolete cryptographic algorithms to be selected that have
-# already been phased out from internal use by the kernel, and are
-# only useful for userspace clients that still rely on them.
-#
-# Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
-# Type : bool
-# Defined at crypto/Kconfig:1915
-# Prompt: Enable obsolete cryptographic algorithms for userspace
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-#
-#
-#
-# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
+++ /dev/null
@@ -1,19 +0,0 @@
-# CONFIG_CRYPTO_USER_API_RNG_CAVP:
-#
-# This option enables extra API for CAVP testing via the user-space
-# interface: resetting of DRBG entropy, and providing Additional Data.
-# This should only be enabled for CAVP testing. You should say
-# no unless you know what this is.
-#
-# Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
-# Type : bool
-# Defined at crypto/Kconfig:1895
-# Prompt: Enable CAVP testing of DRBG
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# -> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
-#
-#
-#
-# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
diff a/redhat/configs/fedora/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
b/redhat/configs/fedora/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
--- a/redhat/configs/fedora/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_CRYPTO_SM3_ARM64_CE=m
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698
6:24 a.m.
New subject: [OS-BUILD PATCHv2] [redhat] New configs in crypto/Kconfig
From: CKI Bot on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_49165...
Hi! This is the friendly CKI test bot.
It appears that you are not a member of redhat/red-hat-ci-
tools/kernel/cki-runs/trusted-pipelines. This means that the CI
pipeline on your MR will fail. As getting testing is important, I'll be
responsible for testing your changes. After every MR change, I'll start
a
small testing pipeline and link it here so you can follow the results.
I'll
also create and link a pipeline for hardware testing that the reviewers
can
start to get extra test coverage.
6:24 a.m.
New subject: [OS-BUILD PATCHv2] [redhat] New configs in crypto/Kconfig
From: CKI Bot on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_49165...
Testing pipeline status:
Basic testing pipeline:
https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-
runs/external-pipelines/-/pipelines/245458916 - created
:hourglass_flowing_sand:
6:30 a.m.
New subject: [OS-BUILD PATCHv3] [redhat] New configs in crypto/Kconfig
From: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
[redhat] New configs in crypto/Kconfig
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
CONFIG_CRYPTO_SM2:
Generic implementation of the SM2 public key algorithm. It was
published by State Encryption Management Bureau, China.
as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
References:
https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
http://www.gmbz.org.cn/main/bzlb.html
Symbol: CRYPTO_SM2 [=n]
Type : tristate
Defined at crypto/Kconfig:263
Prompt: SM2 algorithm
Depends on: CRYPTO [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
---
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
Allow obsolete cryptographic algorithms to be selected that have
already been phased out from internal use by the kernel, and are
only useful for userspace clients that still rely on them.
Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
Type : bool
Defined at crypto/Kconfig:1915
Prompt: Enable obsolete cryptographic algorithms for userspace
Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
---
CONFIG_CRYPTO_USER_API_RNG_CAVP:
This option enables extra API for CAVP testing via the user-space
interface: resetting of DRBG entropy, and providing Additional Data.
This should only be enabled for CAVP testing. You should say
no unless you know what this is.
Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
Type : bool
Defined at crypto/Kconfig:1895
Prompt: Enable CAVP testing of DRBG
Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
Location:
-> Cryptographic API (CRYPTO [=y])
-> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
---
Cc: Herbert Xu <herbert.xu(a)redhat.com>
Cc: "David S. Miller" <davem(a)redhat.com>
Cc: Ondrej Mosnacek <omosnace(a)redhat.com>
Signed-off-by: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
b/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_CRYPTO_SM3 is not set
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
b/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_CRYPTO_SM4_ARM64_CE=m
diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
--- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_CRYPTO_SM3_ARM64_CE is not set
diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
--- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_CRYPTO_SM4=m
diff a/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- /dev/null
+++ b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
@@ -0,0 +1 @@
+CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
@@ -1 +1 @@
-CONFIG_CRYPTO_ANUBIS=m
+# CONFIG_CRYPTO_ANUBIS is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
@@ -1 +1 @@
-CONFIG_CRYPTO_ARC4=m
+# CONFIG_CRYPTO_ARC4 is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
@@ -1 +1 @@
-CONFIG_CRYPTO_KHAZAD=m
+# CONFIG_CRYPTO_KHAZAD is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
@@ -1 +1 @@
-CONFIG_CRYPTO_SEED=m
+# CONFIG_CRYPTO_SEED is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
@@ -0,0 +1 @@
+CONFIG_CRYPTO_SM2=m
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
@@ -1 +1 @@
-CONFIG_CRYPTO_TEA=m
+# CONFIG_CRYPTO_TEA is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE
b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE
+++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
diff a/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
--- /dev/null
+++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_SM4_ARM64_CE is not set
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
+++ /dev/null
@@ -1,23 +0,0 @@
-# CONFIG_CRYPTO_SM2:
-#
-# Generic implementation of the SM2 public key algorithm. It was
-# published by State Encryption Management Bureau, China.
-# as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
-#
-# References:
-# https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
-# http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
-# http://www.gmbz.org.cn/main/bzlb.html
-#
-# Symbol: CRYPTO_SM2 [=n]
-# Type : tristate
-# Defined at crypto/Kconfig:263
-# Prompt: SM2 algorithm
-# Depends on: CRYPTO [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# Selects: CRYPTO_SM3 [=m] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
-#
-#
-#
-CONFIG_CRYPTO_SM2=m
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
+++ /dev/null
@@ -1,17 +0,0 @@
-# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
-#
-# Allow obsolete cryptographic algorithms to be selected that have
-# already been phased out from internal use by the kernel, and are
-# only useful for userspace clients that still rely on them.
-#
-# Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
-# Type : bool
-# Defined at crypto/Kconfig:1915
-# Prompt: Enable obsolete cryptographic algorithms for userspace
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-#
-#
-#
-# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
+++ /dev/null
@@ -1,19 +0,0 @@
-# CONFIG_CRYPTO_USER_API_RNG_CAVP:
-#
-# This option enables extra API for CAVP testing via the user-space
-# interface: resetting of DRBG entropy, and providing Additional Data.
-# This should only be enabled for CAVP testing. You should say
-# no unless you know what this is.
-#
-# Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
-# Type : bool
-# Defined at crypto/Kconfig:1895
-# Prompt: Enable CAVP testing of DRBG
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# -> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
-#
-#
-#
-# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698
6:30 a.m.
New subject: [OS-BUILD PATCHv3] [redhat] New configs in crypto/Kconfig
From: CKI Bot on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_49166...
Testing pipeline status:
Basic testing pipeline:
https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-
runs/external-pipelines/-/pipelines/245461862 - created
:hourglass_flowing_sand:
6:33 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
[redhat] New configs in crypto/Kconfig
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
CONFIG_CRYPTO_SM2:
Generic implementation of the SM2 public key algorithm. It was
published by State Encryption Management Bureau, China.
as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
References:
https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
http://www.gmbz.org.cn/main/bzlb.html
Symbol: CRYPTO_SM2 [=n]
Type : tristate
Defined at crypto/Kconfig:263
Prompt: SM2 algorithm
Depends on: CRYPTO [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
---
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
Allow obsolete cryptographic algorithms to be selected that have
already been phased out from internal use by the kernel, and are
only useful for userspace clients that still rely on them.
Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
Type : bool
Defined at crypto/Kconfig:1915
Prompt: Enable obsolete cryptographic algorithms for userspace
Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
Location:
-> Cryptographic API (CRYPTO [=y])
---
CONFIG_CRYPTO_USER_API_RNG_CAVP:
This option enables extra API for CAVP testing via the user-space
interface: resetting of DRBG entropy, and providing Additional Data.
This should only be enabled for CAVP testing. You should say
no unless you know what this is.
Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
Type : bool
Defined at crypto/Kconfig:1895
Prompt: Enable CAVP testing of DRBG
Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
Location:
-> Cryptographic API (CRYPTO [=y])
-> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
---
Cc: Herbert Xu <herbert.xu(a)redhat.com>
Cc: "David S. Miller" <davem(a)redhat.com>
Cc: Ondrej Mosnacek <omosnace(a)redhat.com>
Signed-off-by: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
b/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_CRYPTO_SM3 is not set
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
b/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_CRYPTO_SM4_ARM64_CE=m
diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
--- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_CRYPTO_SM3_ARM64_CE is not set
diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
--- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_CRYPTO_SM4=m
diff a/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- /dev/null
+++ b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
@@ -0,0 +1 @@
+CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS
@@ -1 +1 @@
-CONFIG_CRYPTO_ANUBIS=m
+# CONFIG_CRYPTO_ANUBIS is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4
@@ -1 +1 @@
-CONFIG_CRYPTO_ARC4=m
+# CONFIG_CRYPTO_ARC4 is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD
@@ -1 +1 @@
-CONFIG_CRYPTO_KHAZAD=m
+# CONFIG_CRYPTO_KHAZAD is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED
@@ -1 +1 @@
-CONFIG_CRYPTO_SEED=m
+# CONFIG_CRYPTO_SEED is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2
@@ -0,0 +1 @@
+CONFIG_CRYPTO_SM2=m
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4
b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
--- a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA
@@ -1 +1 @@
-CONFIG_CRYPTO_TEA=m
+# CONFIG_CRYPTO_TEA is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE
b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
--- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE
+++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE
diff a/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
--- /dev/null
+++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE
@@ -0,0 +1 @@
+# CONFIG_CRYPTO_SM4_ARM64_CE is not set
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2
+++ /dev/null
@@ -1,23 +0,0 @@
-# CONFIG_CRYPTO_SM2:
-#
-# Generic implementation of the SM2 public key algorithm. It was
-# published by State Encryption Management Bureau, China.
-# as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
-#
-# References:
-# https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
-# http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
-# http://www.gmbz.org.cn/main/bzlb.html
-#
-# Symbol: CRYPTO_SM2 [=n]
-# Type : tristate
-# Defined at crypto/Kconfig:263
-# Prompt: SM2 algorithm
-# Depends on: CRYPTO [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# Selects: CRYPTO_SM3 [=m] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y]
&& MPILIB [=y] && ASN1 [=y]
-#
-#
-#
-CONFIG_CRYPTO_SM2=m
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
+++ /dev/null
@@ -1,17 +0,0 @@
-# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
-#
-# Allow obsolete cryptographic algorithms to be selected that have
-# already been phased out from internal use by the kernel, and are
-# only useful for userspace clients that still rely on them.
-#
-# Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y]
-# Type : bool
-# Defined at crypto/Kconfig:1915
-# Prompt: Enable obsolete cryptographic algorithms for userspace
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-#
-#
-#
-# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
--- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP
+++ /dev/null
@@ -1,19 +0,0 @@
-# CONFIG_CRYPTO_USER_API_RNG_CAVP:
-#
-# This option enables extra API for CAVP testing via the user-space
-# interface: resetting of DRBG entropy, and providing Additional Data.
-# This should only be enabled for CAVP testing. You should say
-# no unless you know what this is.
-#
-# Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
-# Type : bool
-# Defined at crypto/Kconfig:1895
-# Prompt: Enable CAVP testing of DRBG
-# Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG
[=y]
-# Location:
-# -> Cryptographic API (CRYPTO [=y])
-# -> User-space interface for random number generator algorithms
(CRYPTO_USER_API_RNG [=y])
-#
-#
-#
-# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698
6:33 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: CKI Bot on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_49166...
Testing pipeline status:
Basic testing pipeline:
https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-
runs/external-pipelines/-/pipelines/245463193 - created
:hourglass_flowing_sand:
6:41 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Patrick Talbert on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_49167...
Hey Ondrej, Mark, Herbert,
I have pushed an update of this MR based upon the feedback. A lot of
things moved around so please doublecheck the MR:
- CONFIG_CRYPTO_SM3=m is set.
- CONFIG_CRYPTO_SM4 and CONFIG_CRYPTO_SM4_ARM64_CE are NOT set; they are
left enabled as modules in fedora.
- CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE and
CONFIG_CRYPTO_{ANUBIS,ARC4,KHAZAD,SEED,TEA} are disabled everywhere
EXCEPT they are all still enabled for s390x/zfcpdump.
- CONFIG_CRYPTO_USER_API_RNG_CAVP is disabled everywhere.
@jmflinuxtx This will disable obsolete cryptographic algorithms for
fedora as well. Currently they are enabled as modules. Let me know if
this is not a change you want and I can enable them again specifically
for fedora.
Thank you,
Patrick
7:55 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Ondrej Mosnáček on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_53770...
(Sorry for the late reply...)
CONFIG_CRYPTO_SM4 and CONFIG_CRYPTO_SM4_ARM64_CE are NOT set; they
are
left enabled as modules in fedora.
I thought we wanted both SM3 and SM4 as =m?
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE and
CONFIG_CRYPTO_{ANUBIS,ARC4,KHAZAD,SEED,TEA} are disabled everywhere
EXCEPT they are all still enabled for s390x/zfcpdump.
I would say these should be needed even less on `s390x/zfcpdump` - I
presume all crypto options were just overriden from =m to =y to avoid
issues with auto loading or something... But I don't know enough about
zfcpdump to know for sure. @dzickusrh would you happen to know who is
the right SME for the zfcpdump kernel?
10:47 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Don Zickus on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_53798...
@dhorak1 - can you comment on the above?
11:10 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Daniel Horak on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_53801...
We might want to double-check with Phillip (@prudo), he is our s390x
kernel guy from IBM, but I believe it's safe to remove
`CONFIG_CRYPTO_{ANUBIS,ARC4,KHAZAD,SEED,TEA}` from `s390x/zfcpdump`
11:28 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
On 3/25/21 12:10 PM, Daniel Horak (via Email Bridge) wrote:
From: Daniel Horak on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_53801...
We might want to double-check with Phillip (@prudo), he is our s390x
kernel guy from IBM, but I believe it's safe to remove
`CONFIG_CRYPTO_{ANUBIS,ARC4,KHAZAD,SEED,TEA}` from `s390x/zfcpdump`
_______________________________________________
kernel mailing list -- kernel(a)lists.fedoraproject.org
To unsubscribe send an email to kernel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
11:34 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Ondrej Mosnáček on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_53804...
@dhorak1 Thanks! @prudo1 should be the right handle :) Phillip, can you
please check if removing the legacy crypto alg configs from the zfcpdump
kernel is OK?
5:56 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Philipp Rudo on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_53863...
I don't see a reason for keeping them for the zfcpdump kernel. It should
be safe to remove them.
BTW, I guess having CONFIG_MODULES disabled for the zfcpdump kernel is
the reason why they were overridden to =y.
7:11 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Ondrej Mosnáček on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_55056...
@ptalbert Could you please apply the requested changes? (i.e. disable
the obsolete crypto algs also under zfcpdump and enable the SM4 configs
as modules also in ARK)
If someone sees a reason to set them differently, please speak up :)
9:21 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Patrick Talbert on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_55069...
Sorry for the mix up.
Do we want SM2,3,4 enabled for zfcpdump builds? As pointed out by
@prudo1 these have to be explicitly called out for s390x/zfsdump now
that they are set as modules in common/generic.
I set them to enabled for V3:
v3:
- CONFIG_CRYPTO_SM4 is set m.
- CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE not defined for
s390x/zfsdump.
- CONFIG_CRYPTO_SM2,3,4 set to y for s390x/zfsdump.
v2:
- CONFIG_CRYPTO_SM3=m is set.
- CONFIG_CRYPTO_SM4 and CONFIG_CRYPTO_SM4_ARM64_CE are NOT set; they
are left
enabled as modules in fedora.
- CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE and
CONFIG_CRYPTO_{ANUBIS,ARC4,KHAZAD,SEED,TEA} are disabled
everywhere EXCEPT
they are all still enabled for s390x/zfcpdump.
- CONFIG_CRYPTO_USER_API_RNG_CAVP is disabled everywhere.
10:48 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Mark Salter on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_55079...
I think you also want to delete
fedora/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE it is already set
=m by generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE.
8:16 a.m.
New subject: [OS-BUILD PATCHv4] [redhat] New configs in crypto/Kconfig
From: Patrick Talbert on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698#note_55161...
Done.
782
days inactive
965
days old
kernel@lists.fedoraproject.org
21 comments
13 participants
participants (13)
-
cki-gitlab@redhat.com -
Daniel Horak (via Email Bridge)
-
Don Zickus (via Email Bridge)
-
GitLab Bridge on behalf of Herbert Xu
-
GitLab Bridge on behalf of jeremycline
-
Jeremy Cline (via Email Bridge)
-
Mark Salter -
Mark Salter (via Email Bridge)
-
Ondrej Mosnacek -
Ondrej Mosnáček (via Email Bridge)
-
Patrick Talbert (via Email Bridge)
-
Philipp Rudo (via Email Bridge)
-
Prarit Bhargava