Revert "fscrypt: relax Kconfig dependencies for crypto API algorithms"

Commit Message

Eric Biggers Feb. 17, 2025, 6:53 p.m. UTC

From: Eric Biggers <ebiggers@google.com>

This mostly reverts commit a0fc20333ee4bac1147c4cf75dea098c26671a2f.
Keep the relevant parts of the comment added by that commit.

The problem with that commit is that it allowed people to create broken
configurations that enabled FS_ENCRYPTION but not the mandatory
algorithms.  An example of this can be found here:
https://lore.kernel.org/r/1207325.1737387826@warthog.procyon.org.uk/

The commit did allow people to disable specific generic algorithm
implementations that aren't needed.  But that at best allowed saving a
bit of code.  In the real world people are unlikely to intentionally and
correctly make such a tweak anyway, as they tend to just be confused by
what all the different crypto kconfig options mean.

Of course we really need the crypto API to enable the correct
implementations automatically, but that's for a later fix.

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/crypto/Kconfig | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)


base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319

Comments

Ard Biesheuvel Feb. 17, 2025, 7:16 p.m. UTC | #1

On Mon, 17 Feb 2025 at 19:53, Eric Biggers <ebiggers@kernel.org> wrote:
>
> From: Eric Biggers <ebiggers@google.com>
>
> This mostly reverts commit a0fc20333ee4bac1147c4cf75dea098c26671a2f.
> Keep the relevant parts of the comment added by that commit.
>
> The problem with that commit is that it allowed people to create broken
> configurations that enabled FS_ENCRYPTION but not the mandatory
> algorithms.  An example of this can be found here:
> https://lore.kernel.org/r/1207325.1737387826@warthog.procyon.org.uk/
>
> The commit did allow people to disable specific generic algorithm
> implementations that aren't needed.  But that at best allowed saving a
> bit of code.  In the real world people are unlikely to intentionally and
> correctly make such a tweak anyway, as they tend to just be confused by
> what all the different crypto kconfig options mean.
>
> Of course we really need the crypto API to enable the correct
> implementations automatically, but that's for a later fix.
>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  fs/crypto/Kconfig | 20 ++++++++------------
>  1 file changed, 8 insertions(+), 12 deletions(-)
>

Acked-by: Ard Biesheuvel <ardb@kernel.org>

> diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig
> index 5aff5934baa12..332d828fe6fa5 100644
> --- a/fs/crypto/Kconfig
> +++ b/fs/crypto/Kconfig
> @@ -22,24 +22,20 @@ config FS_ENCRYPTION
>  # as Adiantum encryption, then those other modes need to be explicitly enabled
>  # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
>  #
>  # Also note that this option only pulls in the generic implementations of the
>  # algorithms, not any per-architecture optimized implementations.  It is
> -# strongly recommended to enable optimized implementations too.  It is safe to
> -# disable these generic implementations if corresponding optimized
> -# implementations will always be available too; for this reason, these are soft
> -# dependencies ('imply' rather than 'select').  Only disable these generic
> -# implementations if you're sure they will never be needed, though.
> +# strongly recommended to enable optimized implementations too.
>  config FS_ENCRYPTION_ALGS
>         tristate
> -       imply CRYPTO_AES
> -       imply CRYPTO_CBC
> -       imply CRYPTO_CTS
> -       imply CRYPTO_ECB
> -       imply CRYPTO_HMAC
> -       imply CRYPTO_SHA512
> -       imply CRYPTO_XTS
> +       select CRYPTO_AES
> +       select CRYPTO_CBC
> +       select CRYPTO_CTS
> +       select CRYPTO_ECB
> +       select CRYPTO_HMAC
> +       select CRYPTO_SHA512
> +       select CRYPTO_XTS
>
>  config FS_ENCRYPTION_INLINE_CRYPT
>         bool "Enable fscrypt to use inline crypto"
>         depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
>         help
>
> base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319
> --
> 2.48.1
>
>

Patch

diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig
index 5aff5934baa12..332d828fe6fa5 100644
--- a/fs/crypto/Kconfig
+++ b/fs/crypto/Kconfig
@@ -22,24 +22,20 @@  config FS_ENCRYPTION
 # as Adiantum encryption, then those other modes need to be explicitly enabled
 # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
 #
 # Also note that this option only pulls in the generic implementations of the
 # algorithms, not any per-architecture optimized implementations.  It is
-# strongly recommended to enable optimized implementations too.  It is safe to
-# disable these generic implementations if corresponding optimized
-# implementations will always be available too; for this reason, these are soft
-# dependencies ('imply' rather than 'select').  Only disable these generic
-# implementations if you're sure they will never be needed, though.
+# strongly recommended to enable optimized implementations too.
 config FS_ENCRYPTION_ALGS
 	tristate
-	imply CRYPTO_AES
-	imply CRYPTO_CBC
-	imply CRYPTO_CTS
-	imply CRYPTO_ECB
-	imply CRYPTO_HMAC
-	imply CRYPTO_SHA512
-	imply CRYPTO_XTS
+	select CRYPTO_AES
+	select CRYPTO_CBC
+	select CRYPTO_CTS
+	select CRYPTO_ECB
+	select CRYPTO_HMAC
+	select CRYPTO_SHA512
+	select CRYPTO_XTS
 
 config FS_ENCRYPTION_INLINE_CRYPT
 	bool "Enable fscrypt to use inline crypto"
 	depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
 	help