diff options
author | Eric Biggers <ebiggers@google.com> | 2020-07-22 00:59:16 +0200 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2020-07-22 01:02:13 +0200 |
commit | bd0d97b7191e8f3573681fa854fdb04c1a970c1e (patch) | |
tree | a32b0fd5de253bfef08c6d9730bff73998028b77 /fs/crypto/Kconfig | |
parent | fscrypt: restrict IV_INO_LBLK_* to AES-256-XTS (diff) | |
download | linux-bd0d97b7191e8f3573681fa854fdb04c1a970c1e.tar.xz linux-bd0d97b7191e8f3573681fa854fdb04c1a970c1e.zip |
fscrypt: switch fscrypt_do_sha256() to use the SHA-256 library
fscrypt_do_sha256() is only used for hashing encrypted filenames to
create no-key tokens, which isn't performance-critical. Therefore a C
implementation of SHA-256 is sufficient.
Also, the logic to create no-key tokens is always potentially needed.
This differs from fscrypt's other dependencies on crypto API algorithms,
which are conditionally needed depending on what encryption policies
userspace is using. Therefore, for fscrypt there isn't much benefit to
allowing SHA-256 to be a loadable module.
So, make fscrypt_do_sha256() use the SHA-256 library instead of the
crypto_shash API. This is much simpler, since it avoids having to
implement one-time-init (which is hard to do correctly, and in fact was
implemented incorrectly) and handle failures to allocate the
crypto_shash object.
Fixes: edc440e3d27f ("fscrypt: improve format of no-key names")
Cc: Daniel Rosenberg <drosen@google.com>
Link: https://lore.kernel.org/r/20200721225920.114347-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto/Kconfig')
-rw-r--r-- | fs/crypto/Kconfig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig index f1f11a6228eb..a5f5c30368a2 100644 --- a/fs/crypto/Kconfig +++ b/fs/crypto/Kconfig @@ -4,6 +4,7 @@ config FS_ENCRYPTION select CRYPTO select CRYPTO_HASH select CRYPTO_SKCIPHER + select CRYPTO_LIB_SHA256 select KEYS help Enable encryption of files and directories. This @@ -21,7 +22,6 @@ config FS_ENCRYPTION_ALGS select CRYPTO_CTS select CRYPTO_ECB select CRYPTO_HMAC - select CRYPTO_SHA256 select CRYPTO_SHA512 select CRYPTO_XTS |