| Message ID | 20250314160543.605055-1-arnd@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] crypto: lib/Kconfig: hide library options | expand |
Arnd Bergmann <arnd@kernel.org> wrote: > - depends on CRYPTO_LIB_CHACHA20POLY1305 = y > + select CRYPTO_LIB_CHACHA20POLY1305 Doesn't that allow CRYPTO_LIB_CHACHA20POLY1305=m? David
On Mon, Mar 17, 2025 at 08:36:25AM +0000, David Howells wrote: > Arnd Bergmann <arnd@kernel.org> wrote: > > > - depends on CRYPTO_LIB_CHACHA20POLY1305 = y > > + select CRYPTO_LIB_CHACHA20POLY1305 > > Doesn't that allow CRYPTO_LIB_CHACHA20POLY1305=m? Not unless BIG_KEYS is tristate or under a tristate. Cheers,
On Mon, Mar 17, 2025, at 09:37, Herbert Xu wrote: > On Mon, Mar 17, 2025 at 08:36:25AM +0000, David Howells wrote: >> Arnd Bergmann <arnd@kernel.org> wrote: >> >> > - depends on CRYPTO_LIB_CHACHA20POLY1305 = y >> > + select CRYPTO_LIB_CHACHA20POLY1305 >> >> Doesn't that allow CRYPTO_LIB_CHACHA20POLY1305=m? > > Not unless BIG_KEYS is tristate or under a tristate. Right, or if it selects something that has a dependency. Before commit 17ec3e71ba79 ("crypto: lib/Kconfig - Hide arch options from user"), CRYPTO_LIB_CHACHA20POLY1305 had a dependency on CONFIG_CRYPTO, so with CRYPTO=m, the 'select CRYPTO_LIB_CHACHA20POLY1305' in BIG_KEYS would result in CRYPTO_LIB_CHACHA20POLY1305=m. Arnd
On Fri, Mar 14, 2025 at 05:05:32PM +0100, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > Any driver that needs these library functions should already be selecting > the corresponding Kconfig symbols, so there is no real point in making > these visible. > > The original patch that made these user selectable described problems > with drivers failing to select the code they use, but for consistency > it's better to always use 'select' on a symbol than to mix it with > 'depends on'. > > Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > v2: add the missing 'select' statements > --- > drivers/crypto/marvell/Kconfig | 4 ++-- > lib/crypto/Kconfig | 8 ++++---- > security/keys/Kconfig | 2 +- > 3 files changed, 7 insertions(+), 7 deletions(-) > > diff --git a/drivers/crypto/marvell/Kconfig b/drivers/crypto/marvell/Kconfig > index 4c25a78ab3ed..aa269abb0499 100644 > --- a/drivers/crypto/marvell/Kconfig > +++ b/drivers/crypto/marvell/Kconfig > @@ -24,7 +24,7 @@ config CRYPTO_DEV_OCTEONTX_CPT > tristate "Support for Marvell OcteonTX CPT driver" > depends on ARCH_THUNDER || COMPILE_TEST > depends on PCI_MSI && 64BIT > - depends on CRYPTO_LIB_AES > + select CRYPTO_LIB_AES > select CRYPTO_SKCIPHER > select CRYPTO_HASH > select CRYPTO_AEAD > @@ -41,10 +41,10 @@ config CRYPTO_DEV_OCTEONTX2_CPT > tristate "Marvell OcteonTX2 CPT driver" > depends on ARCH_THUNDER2 || COMPILE_TEST > depends on PCI_MSI && 64BIT > - depends on CRYPTO_LIB_AES > depends on NET_VENDOR_MARVELL > select OCTEONTX2_MBOX > select CRYPTO_DEV_MARVELL > + select CRYPTO_LIB_AES > select CRYPTO_SKCIPHER > select CRYPTO_HASH > select CRYPTO_AEAD > diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig > index 17322f871586..798972b29b68 100644 > --- a/lib/crypto/Kconfig > +++ b/lib/crypto/Kconfig > @@ -63,7 +63,7 @@ config CRYPTO_LIB_CHACHA_INTERNAL > select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n > > config CRYPTO_LIB_CHACHA > - tristate "ChaCha library interface" > + tristate > select CRYPTO > select CRYPTO_LIB_CHACHA_INTERNAL > help > @@ -93,7 +93,7 @@ config CRYPTO_LIB_CURVE25519_INTERNAL > select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n > > config CRYPTO_LIB_CURVE25519 > - tristate "Curve25519 scalar multiplication library" > + tristate > select CRYPTO > select CRYPTO_LIB_CURVE25519_INTERNAL > help > @@ -132,7 +132,7 @@ config CRYPTO_LIB_POLY1305_INTERNAL > select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n > > config CRYPTO_LIB_POLY1305 > - tristate "Poly1305 library interface" > + tristate > select CRYPTO > select CRYPTO_LIB_POLY1305_INTERNAL > help > @@ -141,7 +141,7 @@ config CRYPTO_LIB_POLY1305 > is available and enabled. > > config CRYPTO_LIB_CHACHA20POLY1305 > - tristate "ChaCha20-Poly1305 AEAD support (8-byte nonce library version)" > + tristate > select CRYPTO_LIB_CHACHA > select CRYPTO_LIB_POLY1305 > select CRYPTO_LIB_UTILS > diff --git a/security/keys/Kconfig b/security/keys/Kconfig > index abb03a1b2a5c..d4f5fc1e7263 100644 > --- a/security/keys/Kconfig > +++ b/security/keys/Kconfig > @@ -60,7 +60,7 @@ config BIG_KEYS > bool "Large payload keys" > depends on KEYS > depends on TMPFS > - depends on CRYPTO_LIB_CHACHA20POLY1305 = y > + select CRYPTO_LIB_CHACHA20POLY1305 > help > This option provides support for holding large keys within the kernel > (for example Kerberos ticket caches). The data may be stored out to > -- > 2.39.5 > > Acked-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko
On Fri, Mar 14, 2025 at 05:05:32PM +0100, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > Any driver that needs these library functions should already be selecting > the corresponding Kconfig symbols, so there is no real point in making > these visible. > > The original patch that made these user selectable described problems > with drivers failing to select the code they use, but for consistency > it's better to always use 'select' on a symbol than to mix it with > 'depends on'. > > Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > v2: add the missing 'select' statements > --- > drivers/crypto/marvell/Kconfig | 4 ++-- > lib/crypto/Kconfig | 8 ++++---- > security/keys/Kconfig | 2 +- > 3 files changed, 7 insertions(+), 7 deletions(-) Patch applied. Thanks.
Hi Arnd, On Fri, 14 Mar 2025 at 17:05, Arnd Bergmann <arnd@kernel.org> wrote: > From: Arnd Bergmann <arnd@arndb.de> > > Any driver that needs these library functions should already be selecting > the corresponding Kconfig symbols, so there is no real point in making > these visible. > > The original patch that made these user selectable described problems > with drivers failing to select the code they use, but for consistency > it's better to always use 'select' on a symbol than to mix it with > 'depends on'. > > Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> Thanks for your patch, which is now commit edc8e80bf862a728 ("crypto: lib/Kconfig - hide library options"). > --- a/security/keys/Kconfig > +++ b/security/keys/Kconfig > @@ -60,7 +60,7 @@ config BIG_KEYS > bool "Large payload keys" > depends on KEYS > depends on TMPFS > - depends on CRYPTO_LIB_CHACHA20POLY1305 = y > + select CRYPTO_LIB_CHACHA20POLY1305 > help > This option provides support for holding large keys within the kernel > (for example Kerberos ticket caches). The data may be stored out to Due to dropping the dependency, this appeared on my radar. Should this be selected by one or some of the Kerberos Kconfig symbols? Gr{oetje,eeting}s, Geert
On Sun, Mar 30, 2025, at 10:34, Geert Uytterhoeven wrote: > On Fri, 14 Mar 2025 at 17:05, Arnd Bergmann <arnd@kernel.org> wrote: > >> --- a/security/keys/Kconfig >> +++ b/security/keys/Kconfig >> @@ -60,7 +60,7 @@ config BIG_KEYS >> bool "Large payload keys" >> depends on KEYS >> depends on TMPFS >> - depends on CRYPTO_LIB_CHACHA20POLY1305 = y >> + select CRYPTO_LIB_CHACHA20POLY1305 >> help >> This option provides support for holding large keys within the kernel >> (for example Kerberos ticket caches). The data may be stored out to > > Due to dropping the dependency, this appeared on my radar. > Should this be selected by one or some of the Kerberos Kconfig symbols? > I don't see why: before commit 521fd61c84a1 ("security/keys: rewrite big_key crypto to use library interface") it was user selectable without the crypto dependency, and now it got back to that. I think from the point of view of Kconfig that is how we want it. Arnd
Hi Arnd, On Sun, 30 Mar 2025 at 10:45, Arnd Bergmann <arnd@arndb.de> wrote: > On Sun, Mar 30, 2025, at 10:34, Geert Uytterhoeven wrote: > > On Fri, 14 Mar 2025 at 17:05, Arnd Bergmann <arnd@kernel.org> wrote: > >> --- a/security/keys/Kconfig > >> +++ b/security/keys/Kconfig > >> @@ -60,7 +60,7 @@ config BIG_KEYS > >> bool "Large payload keys" > >> depends on KEYS > >> depends on TMPFS > >> - depends on CRYPTO_LIB_CHACHA20POLY1305 = y > >> + select CRYPTO_LIB_CHACHA20POLY1305 > >> help > >> This option provides support for holding large keys within the kernel > >> (for example Kerberos ticket caches). The data may be stored out to > > > > Due to dropping the dependency, this appeared on my radar. > > Should this be selected by one or some of the Kerberos Kconfig symbols? > > I don't see why: before commit 521fd61c84a1 ("security/keys: rewrite > big_key crypto to use library interface") it was user selectable > without the crypto dependency, and now it got back to that. I think > from the point of view of Kconfig that is how we want it. Sure, I mean from a functional point of view. Let me rephrase: When do you want to store Kerberos ticket caches within the kernel? Is that pure user-space, or is that done by the kernel? Gr{oetje,eeting}s, Geert
On Sun, Mar 30, 2025 at 10:54:12AM +0200, Geert Uytterhoeven wrote: > > Sure, I mean from a functional point of view. Let me rephrase: > When do you want to store Kerberos ticket caches within the kernel? > Is that pure user-space, or is that done by the kernel? I think it's purely user-space. Cheers,
diff --git a/drivers/crypto/marvell/Kconfig b/drivers/crypto/marvell/Kconfig index 4c25a78ab3ed..aa269abb0499 100644 --- a/drivers/crypto/marvell/Kconfig +++ b/drivers/crypto/marvell/Kconfig @@ -24,7 +24,7 @@ config CRYPTO_DEV_OCTEONTX_CPT tristate "Support for Marvell OcteonTX CPT driver" depends on ARCH_THUNDER || COMPILE_TEST depends on PCI_MSI && 64BIT - depends on CRYPTO_LIB_AES + select CRYPTO_LIB_AES select CRYPTO_SKCIPHER select CRYPTO_HASH select CRYPTO_AEAD @@ -41,10 +41,10 @@ config CRYPTO_DEV_OCTEONTX2_CPT tristate "Marvell OcteonTX2 CPT driver" depends on ARCH_THUNDER2 || COMPILE_TEST depends on PCI_MSI && 64BIT - depends on CRYPTO_LIB_AES depends on NET_VENDOR_MARVELL select OCTEONTX2_MBOX select CRYPTO_DEV_MARVELL + select CRYPTO_LIB_AES select CRYPTO_SKCIPHER select CRYPTO_HASH select CRYPTO_AEAD diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 17322f871586..798972b29b68 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -63,7 +63,7 @@ config CRYPTO_LIB_CHACHA_INTERNAL select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n config CRYPTO_LIB_CHACHA - tristate "ChaCha library interface" + tristate select CRYPTO select CRYPTO_LIB_CHACHA_INTERNAL help @@ -93,7 +93,7 @@ config CRYPTO_LIB_CURVE25519_INTERNAL select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n config CRYPTO_LIB_CURVE25519 - tristate "Curve25519 scalar multiplication library" + tristate select CRYPTO select CRYPTO_LIB_CURVE25519_INTERNAL help @@ -132,7 +132,7 @@ config CRYPTO_LIB_POLY1305_INTERNAL select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n config CRYPTO_LIB_POLY1305 - tristate "Poly1305 library interface" + tristate select CRYPTO select CRYPTO_LIB_POLY1305_INTERNAL help @@ -141,7 +141,7 @@ config CRYPTO_LIB_POLY1305 is available and enabled. config CRYPTO_LIB_CHACHA20POLY1305 - tristate "ChaCha20-Poly1305 AEAD support (8-byte nonce library version)" + tristate select CRYPTO_LIB_CHACHA select CRYPTO_LIB_POLY1305 select CRYPTO_LIB_UTILS diff --git a/security/keys/Kconfig b/security/keys/Kconfig index abb03a1b2a5c..d4f5fc1e7263 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig @@ -60,7 +60,7 @@ config BIG_KEYS bool "Large payload keys" depends on KEYS depends on TMPFS - depends on CRYPTO_LIB_CHACHA20POLY1305 = y + select CRYPTO_LIB_CHACHA20POLY1305 help This option provides support for holding large keys within the kernel (for example Kerberos ticket caches). The data may be stored out to