linux/fs/crypto
Eric Biggers adbd9b4dee fscrypt: remove selection of CONFIG_CRYPTO_SHA256
fscrypt only uses SHA-256 for AES-128-CBC-ESSIV, which isn't the default
and is only recommended on platforms that have hardware accelerated
AES-CBC but not AES-XTS.  There's no link-time dependency, since SHA-256
is requested via the crypto API on first use.

To reduce bloat, we should limit FS_ENCRYPTION to selecting the default
algorithms only.  SHA-256 by itself isn't that much bloat, but it's
being discussed to move ESSIV into a crypto API template, which would
incidentally bring in other things like "authenc" support, which would
all end up being built-in since FS_ENCRYPTION is now a bool.

For Adiantum encryption we already just document that users who want to
use it have to enable CONFIG_CRYPTO_ADIANTUM themselves.  So, let's do
the same for AES-128-CBC-ESSIV and CONFIG_CRYPTO_SHA256.

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-06-27 10:29:33 -07:00
..
bio.c fscrypt: decrypt only the needed blocks in __fscrypt_decrypt_bio() 2019-05-28 10:27:53 -07:00
crypto.c fscrypt: support decrypting multiple filesystem blocks per page 2019-05-28 10:27:53 -07:00
fname.c fscrypt: remove unnecessary includes of ratelimit.h 2019-06-10 19:01:33 -07:00
fscrypt_private.h fscrypt: rename fscrypt_do_page_crypto() to fscrypt_crypt_block() 2019-05-28 10:27:52 -07:00
hooks.c fscrypt: remove unnecessary includes of ratelimit.h 2019-06-10 19:01:33 -07:00
Kconfig fscrypt: remove selection of CONFIG_CRYPTO_SHA256 2019-06-27 10:29:33 -07:00
keyinfo.c fscrypt: remove unnecessary includes of ratelimit.h 2019-06-10 19:01:33 -07:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
policy.c fscrypt: don't set policy for a dead directory 2019-05-28 10:48:23 -07:00