git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Tue, 17 Nov 2020 16:13:08 +0000 (17:13 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Sun, 13 Dec 2020 08:23:15 +0000 (08:23 +0000)
commit	0fece1af57e74efa5a7248f57495e2bddf72bb38
tree	e2d7558622ae2119da51d9d20b4876150ac89660	tree \| snapshot
parent	8a3ef5713cc4aed1ac7bd3ce177895caa597cc4c	commit \| diff

LU-14095 ssk: default rounds of Miller-Rabin for DH_check

OpenSSL 1.1.1c increased the number of rounds used for Miller-Rabin
testing of the prime provided as input parameter to DH_check(). This
makes the check roughly x10 longer, and can lead to request timeouts
when an SSK flavor is being used.

Instead, use a dynamic number of rounds based on the speed of the
check, evaluated when the lsvcgssd daemon starts. If DH_check()
runtime is fine, just use it instead of our own check.

Test-Parameters: clientdistro=el8.2 serverdistro=el8.2 testgroup=review-dne-ssk
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Id392cdd76ede196094b146c68d230bc52852aa34
Reviewed-on: https://review.whamcloud.com/40686
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/utils/gss/lgss_sk_utils.c		diff \| blob \| history
lustre/utils/gss/sk_utils.c	[changed mode: 0644->0755]	diff \| blob \| history
lustre/utils/gss/sk_utils.h		diff \| blob \| history
lustre/utils/gss/svcgssd.h		diff \| blob \| history
lustre/utils/gss/svcgssd_main_loop.c		diff \| blob \| history
lustre/utils/gss/svcgssd_proc.c		diff \| blob \| history