[PATCH libgcrypt] Disable CPU speculation-related misfeatures
Guido Trentalancia
guido at trentalancia.com
Thu Jun 26 14:42:38 CEST 2025
Some changes have been approved, indeed a v2 version of the patch has
been created which fixes a build problem, following advice from Collin
Funk, see:
https://lists.gnupg.org/pipermail/gcrypt-devel/2025-May/005858.html
I do not approve the other proposed changes and the reasons have been
already explained.
In particular I do not approve the creation of autoconf configure tests
or autoconf configure options, because the patch automatically detects
whether or not prctl() is available in glibc and whether or not the
kernel supports disabling those vulnerabilities using prctl().
It has already been pointed out that prctl() is available since Linux kernel
2.1.57.
Other changes, such as enabling the code only for cryptographic
algorithms, bring no profit and are not approved, as the performance
loss is only 2.5% as already explained in:
https://lists.gnupg.org/pipermail/gcrypt-devel/2025-June/005867.html
Regards,
Guido
On Thu, 26/06/2025 at 09.27 +0200, Werner Koch wrote:
> On Wed, 25 Jun 2025 18:24, Guido Trentalancia said:
> > There is no profit in changing additional parts of the code, for that
> > only overcomplicates the underlying problem and the source code, so
> > further changes won't happen.
>
> If you want to get patches upstream you should consider playing by the
> rules of the project. This includes listening to the discussion.
>
>
> Salam-Shalom,
>
> Werner
>
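The run-time detection argued for in the message above can be illustrated by querying the kernel before changing anything. This is an added example, not the code of the patch under discussion (which this page does not show). It assumes the mechanism is the Linux `PR_GET_SPECULATION_CTRL` / `PR_SET_SPECULATION_CTRL` prctl options; the `spec_status`, `classify` and `harden` names are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>   /* pulls in linux/prctl.h with the PR_SPEC_* constants */

enum spec_status {       /* hypothetical names, used only in this example */
    SPEC_UNSUPPORTED,      /* kernel lacks the prctl or does not know this misfeature */
    SPEC_NOT_AFFECTED,     /* CPU is not affected */
    SPEC_ALREADY_OFF,      /* speculation already disabled (globally or per task) */
    SPEC_NOT_CONTROLLABLE, /* enabled, but no per-task control is offered */
    SPEC_CAN_DISABLE,      /* enabled and controllable through prctl() */
    SPEC_DISABLED_NOW,     /* this call disabled it */
    SPEC_SET_FAILED        /* PR_SET_SPECULATION_CTRL was refused */
};

/* Interpret the return value of PR_GET_SPECULATION_CTRL (negative means error). */
static enum spec_status classify(long state)
{
    if (state < 0)
        return SPEC_UNSUPPORTED;
    if (state == PR_SPEC_NOT_AFFECTED)
        return SPEC_NOT_AFFECTED;
    if (state & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE))
        return SPEC_ALREADY_OFF;
    if (!(state & PR_SPEC_PRCTL))
        return SPEC_NOT_CONTROLLABLE;
    return SPEC_CAN_DISABLE;
}

/* Probe one misfeature at run time and disable it for the calling task if possible. */
static enum spec_status harden(unsigned long misfeature)
{
    /* Unused arguments must be zero, passed as unsigned long through the varargs. */
    long state = prctl(PR_GET_SPECULATION_CTRL, misfeature, 0UL, 0UL, 0UL);
    enum spec_status st = classify(state);

    if (st != SPEC_CAN_DISABLE)
        return st;
    if (prctl(PR_SET_SPECULATION_CTRL, misfeature, PR_SPEC_DISABLE, 0UL, 0UL) == 0)
        return SPEC_DISABLED_NOW;
    return SPEC_SET_FAILED;
}

int main(void)
{
    printf("store bypass:    status %d\n", harden(PR_SPEC_STORE_BYPASS));
    printf("indirect branch: status %d\n", harden(PR_SPEC_INDIRECT_BRANCH));
    return 0;
}
```

Returning a status instead of silently ignoring errors lets the caller log whether the mitigation was actually applied, which matters on kernels that report the misfeature as not controllable per task.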