fsverity: Select CRYPTO_HASH

Message ID Z7L0KTq1iI0paFmX@gondor.apana.org.au (mailing list archive)
State Rejected

Commit Message

Herbert Xu Feb. 17, 2025, 8:32 a.m. UTC
Explicitly select CRYPTO_HASH as it is possible for the CRYPTO API
to be enabled without hashing.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Comments

Eric Biggers Feb. 17, 2025, 6:25 p.m. UTC | #1
On Mon, Feb 17, 2025 at 04:32:41PM +0800, Herbert Xu wrote:
> Explicitly select CRYPTO_HASH as it is possible for the CRYPTO API
> to be enabled without hashing.
> 
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
> index e1036e535352..d4a05d5b1286 100644
> --- a/fs/verity/Kconfig
> +++ b/fs/verity/Kconfig
> @@ -3,6 +3,7 @@
>  config FS_VERITY
>  	bool "FS Verity (read-only file-based authenticity protection)"
>  	select CRYPTO
> +	select CRYPTO_HASH
>  	select CRYPTO_HASH_INFO
>  	# SHA-256 is implied as it's intended to be the default hash algorithm.
>  	# To avoid bloat, other wanted algorithms must be selected explicitly.
>  	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
>  	# some architectures provided optimized implementations of the same
>  	# algorithm that may be used instead. In this case, CRYPTO_SHA256 may
>  	# be omitted even if SHA-256 is being used.
>  	imply CRYPTO_SHA256
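
Review bot: the `imply CRYPTO_SHA256` on the last context line of this hunk is still a weak dependency, so with the added `select CRYPTO_HASH` a configuration can have the hash API built and the generic SHA-256, which the comment calls the default hash algorithm, switched off. Either handle the SHA-256 dependency in the same change or say in the commit message that only the missing hash API is being fixed.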

This only affects the case where someone didn't enable SHA-256, which is broken
anyway.  So I guess you made that configuration mistake, but I've also seen
someone make the equivalent mistake for fscrypt
(https://lore.kernel.org/fstests/1207325.1737387826@warthog.procyon.org.uk/).
So this seems like a problem.  Let's just prevent this by reverting the
following commits:

    commit e3a606f2c544b231f6079c8c5fea451e772e1139
    Author: Ard Biesheuvel <ardb@kernel.org>
    Date:   Wed Apr 21 09:55:11 2021 +0200

        fsverity: relax build time dependency on CRYPTO_SHA256

    commit a0fc20333ee4bac1147c4cf75dea098c26671a2f
    Author: Ard Biesheuvel <ardb@kernel.org>
    Date:   Wed Apr 21 09:55:10 2021 +0200

        fscrypt: relax Kconfig dependencies for crypto API algorithms

The crypto API needs to be fixed to give the expected behavior when selecting an
algorithm: it must enable the arch-optimized implementation if present, and also
the generic implementation *if* the arch-optimized implementation is not
guaranteed to be usable at runtime.  But until that is done, the best that
FS_ENCRYPTION_ALGS and FS_VERITY can do is just select the generic
implementation.  (Well, they could also select the arch-optimized
implementations to work around the Crypto API defect...)

- Eric
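
A configuration check for the failure mode discussed in this thread, as an added example that is not part of the patch or of either author's message: it reads a kernel `.config` and reports when FS_VERITY is built without the hash API built in or without the generic SHA-256. The function names and the sample `.config` fragments are constructed for illustration, and the check does not detect arch-optimized SHA-256 implementations.

```python
import re

# Matches "CONFIG_FOO=y" and "# CONFIG_FOO is not set" lines of a kernel .config.
_SET = re.compile(r'^(CONFIG_\w+)=(.*)$')
_UNSET = re.compile(r'^# (CONFIG_\w+) is not set$')


def parse_config(text):
    """Return {symbol: value}; symbols marked 'is not set' map to 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            symbols[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            symbols[m.group(1)] = "n"
    return symbols


def audit_fsverity(text):
    """List the fs-verity hashing gaps discussed in the thread."""
    cfg = parse_config(text)
    findings = []
    if cfg.get("CONFIG_FS_VERITY", "n") != "y":
        return findings  # fs-verity not built, nothing to check
    # FS_VERITY is a bool, so the hash API it calls must be built in as well.
    if cfg.get("CONFIG_CRYPTO_HASH", "n") != "y":
        findings.append("CONFIG_CRYPTO_HASH is not built in")
    # 'imply' lets the generic SHA-256 be switched off; an arch-optimized
    # implementation may still exist, which this check cannot see.
    if cfg.get("CONFIG_CRYPTO_SHA256", "n") not in ("y", "m"):
        findings.append("CONFIG_CRYPTO_SHA256 (generic) is not enabled; "
                        "confirm an arch-optimized SHA-256 is present")
    return findings


# Constructed sample .config fragment, not taken from a real build.
BROKEN = """\
CONFIG_CRYPTO=y
CONFIG_FS_VERITY=y
# CONFIG_CRYPTO_HASH is not set
# CONFIG_CRYPTO_SHA256 is not set
"""

if __name__ == "__main__":
    print(audit_fsverity(BROKEN))
```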
Patch

diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
index e1036e535352..d4a05d5b1286 100644
--- a/fs/verity/Kconfig
+++ b/fs/verity/Kconfig
@@ -3,6 +3,7 @@ 
 config FS_VERITY
 	bool "FS Verity (read-only file-based authenticity protection)"
 	select CRYPTO
+	select CRYPTO_HASH
 	select CRYPTO_HASH_INFO
 	# SHA-256 is implied as it's intended to be the default hash algorithm.
 	# To avoid bloat, other wanted algorithms must be selected explicitly.
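
Review bot: the added `select CRYPTO_HASH` carries no comment, and the commit message does not say what fails when the CRYPTO API is enabled without hashing (build error, link error or runtime failure). State the observed symptom and the configuration that triggers it in the commit message so the select can be re-evaluated if the dependency changes.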