diff options
| author |   Eric Biggers <ebiggers@google.com> | 2025-02-17 10:53:14 -0800 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2025-02-17 11:33:32 -0800 |
| commit | 75eb8b9410ee5f75851cfda9a328dab891e452d8 (patch) | |
| tree | 8c23de562489b4dc1a88a53a2eb6a6ad062aa535 | |
| parent | Linux 6.14-rc3 (diff) | |
| download | wireguard-linux-75eb8b9410ee5f75851cfda9a328dab891e452d8.tar.xz wireguard-linux-75eb8b9410ee5f75851cfda9a328dab891e452d8.zip | |
Revert "fscrypt: relax Kconfig dependencies for crypto API algorithms"
This mostly reverts commit a0fc20333ee4bac1147c4cf75dea098c26671a2f.
Keep the relevant parts of the comment added by that commit.
The problem with that commit is that it allowed people to create broken
configurations that enabled FS_ENCRYPTION but not the mandatory
algorithms. An example of this can be found here:
https://lore.kernel.org/r/1207325.1737387826@warthog.procyon.org.uk/
The commit did allow people to disable specific generic algorithm
implementations that aren't needed. But that at best allowed saving a
bit of code. In the real world people are unlikely to intentionally and
correctly make such a tweak anyway, as they tend to just be confused by
what all the different crypto kconfig options mean.
Of course we really need the crypto API to enable the correct
implementations automatically, but that's for a later fix.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Link: https://lore.kernel.org/r/20250217185314.27345-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
| -rw-r--r-- | fs/crypto/Kconfig | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig index 5aff5934baa1..332d828fe6fa 100644 --- a/fs/crypto/Kconfig +++ b/fs/crypto/Kconfig @@ -24,20 +24,16 @@ config FS_ENCRYPTION # # Also note that this option only pulls in the generic implementations of the # algorithms, not any per-architecture optimized implementations. It is -# strongly recommended to enable optimized implementations too. It is safe to -# disable these generic implementations if corresponding optimized -# implementations will always be available too; for this reason, these are soft -# dependencies ('imply' rather than 'select'). Only disable these generic -# implementations if you're sure they will never be needed, though. +# strongly recommended to enable optimized implementations too. config FS_ENCRYPTION_ALGS tristate - imply CRYPTO_AES - imply CRYPTO_CBC - imply CRYPTO_CTS - imply CRYPTO_ECB - imply CRYPTO_HMAC - imply CRYPTO_SHA512 - imply CRYPTO_XTS + select CRYPTO_AES + select CRYPTO_CBC + select CRYPTO_CTS + select CRYPTO_ECB + select CRYPTO_HMAC + select CRYPTO_SHA512 + select CRYPTO_XTS config FS_ENCRYPTION_INLINE_CRYPT bool "Enable fscrypt to use inline crypto" |