| Message ID | 20250225164216.4807-1-arnd@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | crypto: lib/Kconfig - fix chacha/poly1305 dependencies more more | expand |
On Tue, Feb 25, 2025 at 05:42:07PM +0100, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > A recent change tries to fix Kconfig dependencies, but introduced > two problems in the process: > > - only arm, powerpc and x86 are changed, while mips, arm64 and s390 > are now broken > > - there are now configurations where the architecture enables its > own helper functions as loadable modules, but they remain silently > unused because CRYPTO_LIB_* falls back to the generic helpers > > Address both by changing the logic again: the architecture functions > select CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA, which may be a loadable > module or built-in, and this controls whether the library is > also built-in. > > Fixes: 04f9ccc955c7 ("crypto: lib/Kconfig - Fix lib built-in failure when arch is modular") Which tree contains this change? I can't seem to resolve the SHA locally. Will
On Tue, Feb 25, 2025, at 22:33, Will Deacon wrote: > On Tue, Feb 25, 2025 at 05:42:07PM +0100, Arnd Bergmann wrote: >> From: Arnd Bergmann <arnd@arndb.de> >> >> A recent change tries to fix Kconfig dependencies, but introduced >> two problems in the process: >> >> - only arm, powerpc and x86 are changed, while mips, arm64 and s390 >> are now broken >> >> - there are now configurations where the architecture enables its >> own helper functions as loadable modules, but they remain silently >> unused because CRYPTO_LIB_* falls back to the generic helpers >> >> Address both by changing the logic again: the architecture functions >> select CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA, which may be a loadable >> module or built-in, and this controls whether the library is >> also built-in. >> >> Fixes: 04f9ccc955c7 ("crypto: lib/Kconfig - Fix lib built-in failure when arch is modular") > > Which tree contains this change? I can't seem to resolve the SHA locally. Sorry, that must have been an older commit ID. Today's linux-next contains 56b8e4bb7622 ("crypto: lib/Kconfig - Fix lib built-in failure when arch is modular") which is in git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git Arnd
On Tue, Feb 25, 2025, at 22:40, Arnd Bergmann wrote: > On Tue, Feb 25, 2025, at 22:33, Will Deacon wrote: >> On Tue, Feb 25, 2025 at 05:42:07PM +0100, Arnd Bergmann wrote: >>> From: Arnd Bergmann <arnd@arndb.de> >>> >>> A recent change tries to fix Kconfig dependencies, but introduced >>> two problems in the process: >>> >>> - only arm, powerpc and x86 are changed, while mips, arm64 and s390 >>> are now broken >>> >>> - there are now configurations where the architecture enables its >>> own helper functions as loadable modules, but they remain silently >>> unused because CRYPTO_LIB_* falls back to the generic helpers >>> >>> Address both by changing the logic again: the architecture functions >>> select CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA, which may be a loadable >>> module or built-in, and this controls whether the library is >>> also built-in. >>> >>> Fixes: 04f9ccc955c7 ("crypto: lib/Kconfig - Fix lib built-in failure when arch is modular") >> >> Which tree contains this change? I can't seem to resolve the SHA locally. > > Sorry, that must have been an older commit ID. Today's linux-next > contains 56b8e4bb7622 ("crypto: lib/Kconfig - Fix lib built-in failure > when arch is modular") > > which is in > git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git After looking at the original 0day report, I think the fix for that problem would have been --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig @@ -94,6 +94,7 @@ config WIREGUARD select CRYPTO_CHACHA_MIPS if CPU_MIPS32_R2 select CRYPTO_POLY1305_MIPS if MIPS select CRYPTO_CHACHA_S390 if S390 + select CRYPTO_CURVE25519_PPC64 if PPC64 && CPU_LITTLE_ENDIAN help WireGuard is a secure, fast, and easy to use replacement for IPSec that uses modern cryptography and clever networking tricks. It's which makes powerpc behave the same way as the other architectures. Ideally wireguard should not need to know about every architecture specific algorithm that it might use though, and that requires a different method of enabling those. Arnd
diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig index 5636ab83f22a..3d90efdcf5a5 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -29,7 +29,7 @@ config CRYPTO_POLY1305_NEON tristate "Hash functions: Poly1305 (NEON)" depends on KERNEL_MODE_NEON select CRYPTO_HASH - select CRYPTO_ARCH_HAVE_LIB_POLY1305 + select CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305 help Poly1305 authenticator algorithm (RFC7539) @@ -190,7 +190,7 @@ config CRYPTO_CHACHA20_NEON depends on KERNEL_MODE_NEON select CRYPTO_SKCIPHER select CRYPTO_LIB_CHACHA_GENERIC - select CRYPTO_ARCH_HAVE_LIB_CHACHA + select CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA help Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms diff --git a/arch/mips/crypto/Kconfig b/arch/mips/crypto/Kconfig index 7decd40c4e20..cbeb2f62eb79 100644 --- a/arch/mips/crypto/Kconfig +++ b/arch/mips/crypto/Kconfig @@ -5,7 +5,7 @@ menu "Accelerated Cryptographic Algorithms for CPU (mips)" config CRYPTO_POLY1305_MIPS tristate "Hash functions: Poly1305" depends on MIPS - select CRYPTO_ARCH_HAVE_LIB_POLY1305 + select CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305 help Poly1305 authenticator algorithm (RFC7539) @@ -55,7 +55,7 @@ config CRYPTO_CHACHA_MIPS tristate "Ciphers: ChaCha20, XChaCha20, XChaCha12 (MIPS32r2)" depends on CPU_MIPS32_R2 select CRYPTO_SKCIPHER - select CRYPTO_ARCH_HAVE_LIB_CHACHA + select CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA help Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms diff --git a/arch/s390/crypto/Kconfig b/arch/s390/crypto/Kconfig index b760232537f1..6f7495264943 100644 --- a/arch/s390/crypto/Kconfig +++ b/arch/s390/crypto/Kconfig @@ -112,7 +112,7 @@ config CRYPTO_CHACHA_S390 depends on S390 select CRYPTO_SKCIPHER select CRYPTO_LIB_CHACHA_GENERIC - select CRYPTO_ARCH_HAVE_LIB_CHACHA + select CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA help Length-preserving cipher: ChaCha20 stream cipher (RFC 7539) diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index c542ef1d64d0..6b45bd634cd9 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -50,8 +50,6 @@ config CRYPTO_ARCH_HAVE_LIB_CHACHA config CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA tristate - select CRYPTO_ARCH_HAVE_LIB_CHACHA if CRYPTO_LIB_CHACHA=m - select CRYPTO_ARCH_HAVE_LIB_CHACHA if CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA=y config CRYPTO_LIB_CHACHA_GENERIC tristate @@ -65,7 +63,9 @@ config CRYPTO_LIB_CHACHA_GENERIC config CRYPTO_LIB_CHACHA tristate "ChaCha library interface" - select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n + select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA=n + select CRYPTO_ARCH_HAVE_LIB_CHACHA if CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA!=n + depends on CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA || !CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA help Enable the ChaCha library interface. This interface may be fulfilled by either the generic implementation or an arch-specific one, if one @@ -80,8 +80,6 @@ config CRYPTO_ARCH_HAVE_LIB_CURVE25519 config CRYPTO_ARCH_MAY_HAVE_LIB_CURVE25519 tristate - select CRYPTO_ARCH_HAVE_LIB_CURVE25519 if CRYPTO_LIB_CURVE25519=m - select CRYPTO_ARCH_HAVE_LIB_CURVE25519 if CRYPTO_ARCH_MAY_HAVE_LIB_CURVE25519=y config CRYPTO_LIB_CURVE25519_GENERIC tristate @@ -94,7 +92,9 @@ config CRYPTO_LIB_CURVE25519_GENERIC config CRYPTO_LIB_CURVE25519 tristate "Curve25519 scalar multiplication library" - select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n + select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_MAY_HAVE_LIB_CURVE25519=n + select CRYPTO_ARCH_HAVE_LIB_CURVE25519 if CRYPTO_ARCH_MAY_HAVE_LIB_CURVE25519!=n + depends on CRYPTO_ARCH_MAY_HAVE_LIB_CURVE25519 || !CRYPTO_ARCH_MAY_HAVE_LIB_CURVE25519 select CRYPTO_LIB_UTILS help Enable the Curve25519 library interface. This interface may be @@ -120,8 +120,6 @@ config CRYPTO_ARCH_HAVE_LIB_POLY1305 config CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305 tristate - select CRYPTO_ARCH_HAVE_LIB_POLY1305 if CRYPTO_LIB_POLY1305=m - select CRYPTO_ARCH_HAVE_LIB_POLY1305 if CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305=y config CRYPTO_LIB_POLY1305_GENERIC tristate @@ -134,7 +132,9 @@ config CRYPTO_LIB_POLY1305_GENERIC config CRYPTO_LIB_POLY1305 tristate "Poly1305 library interface" - select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n + select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305=n + select CRYPTO_ARCH_HAVE_LIB_POLY1305 if CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305!=n + depends on CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305 || !CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305 help Enable the Poly1305 library interface. This interface may be fulfilled by either the generic implementation or an arch-specific one, if one @@ -143,6 +143,8 @@ config CRYPTO_LIB_POLY1305 config CRYPTO_LIB_CHACHA20POLY1305 tristate "ChaCha20-Poly1305 AEAD support (8-byte nonce library version)" depends on CRYPTO + depends on CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305 || !CRYPTO_ARCH_MAY_HAVE_LIB_POLY1305 + depends on CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA || !CRYPTO_ARCH_MAY_HAVE_LIB_CHACHA select CRYPTO_LIB_CHACHA select CRYPTO_LIB_POLY1305 select CRYPTO_ALGAPI