[PATCH] [v2] crypto: lib/Kconfig: hide library options

[PATCH] [v2] crypto: lib/Kconfig: hide library options

[Arnd Bergmann]

From: Arnd Bergmann <arnd@arndb.de>

Any driver that needs these library functions should already be selecting
the corresponding Kconfig symbols, so there is no real point in making
these visible.

The original patch that made these user selectable described problems
with drivers failing to select the code they use, but for consistency
it's better to always use 'select' on a symbol than to mix it with
'depends on'.

Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
v2: add the missing 'select' statements
---
 drivers/crypto/marvell/Kconfig | 4 ++--
 lib/crypto/Kconfig             | 8 ++++----
 security/keys/Kconfig          | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/marvell/Kconfig b/drivers/crypto/marvell/Kconfig
index 4c25a78ab3ed..aa269abb0499 100644
--- a/drivers/crypto/marvell/Kconfig
+++ b/drivers/crypto/marvell/Kconfig
@@ -24,7 +24,7 @@ config CRYPTO_DEV_OCTEONTX_CPT
 	tristate "Support for Marvell OcteonTX CPT driver"
 	depends on ARCH_THUNDER || COMPILE_TEST
 	depends on PCI_MSI && 64BIT
-	depends on CRYPTO_LIB_AES
+	select CRYPTO_LIB_AES
 	select CRYPTO_SKCIPHER
 	select CRYPTO_HASH
 	select CRYPTO_AEAD
@@ -41,10 +41,10 @@ config CRYPTO_DEV_OCTEONTX2_CPT
 	tristate "Marvell OcteonTX2 CPT driver"
 	depends on ARCH_THUNDER2 || COMPILE_TEST
 	depends on PCI_MSI && 64BIT
-	depends on CRYPTO_LIB_AES
 	depends on NET_VENDOR_MARVELL
 	select OCTEONTX2_MBOX
 	select CRYPTO_DEV_MARVELL
+	select CRYPTO_LIB_AES
 	select CRYPTO_SKCIPHER
 	select CRYPTO_HASH
 	select CRYPTO_AEAD
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index 17322f871586..798972b29b68 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -63,7 +63,7 @@ config CRYPTO_LIB_CHACHA_INTERNAL
 	select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n
 
 config CRYPTO_LIB_CHACHA
-	tristate "ChaCha library interface"
+	tristate
 	select CRYPTO
 	select CRYPTO_LIB_CHACHA_INTERNAL
 	help
@@ -93,7 +93,7 @@ config CRYPTO_LIB_CURVE25519_INTERNAL
 	select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n
 
 config CRYPTO_LIB_CURVE25519
-	tristate "Curve25519 scalar multiplication library"
+	tristate
 	select CRYPTO
 	select CRYPTO_LIB_CURVE25519_INTERNAL
 	help
@@ -132,7 +132,7 @@ config CRYPTO_LIB_POLY1305_INTERNAL
 	select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n
 
 config CRYPTO_LIB_POLY1305
-	tristate "Poly1305 library interface"
+	tristate
 	select CRYPTO
 	select CRYPTO_LIB_POLY1305_INTERNAL
 	help
@@ -141,7 +141,7 @@ config CRYPTO_LIB_POLY1305
 	  is available and enabled.
 
 config CRYPTO_LIB_CHACHA20POLY1305
-	tristate "ChaCha20-Poly1305 AEAD support (8-byte nonce library version)"
+	tristate
 	select CRYPTO_LIB_CHACHA
 	select CRYPTO_LIB_POLY1305
 	select CRYPTO_LIB_UTILS
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index abb03a1b2a5c..d4f5fc1e7263 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -60,7 +60,7 @@ config BIG_KEYS
 	bool "Large payload keys"
 	depends on KEYS
 	depends on TMPFS
-	depends on CRYPTO_LIB_CHACHA20POLY1305 = y
+	select CRYPTO_LIB_CHACHA20POLY1305
 	help
 	  This option provides support for holding large keys within the kernel
 	  (for example Kerberos ticket caches).  The data may be stored out to
-- 
2.39.5

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[David Howells]

Arnd Bergmann <arnd@kernel.org> wrote:

> -	depends on CRYPTO_LIB_CHACHA20POLY1305 = y
> +	select CRYPTO_LIB_CHACHA20POLY1305

Doesn't that allow CRYPTO_LIB_CHACHA20POLY1305=m?

David

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Herbert Xu]

On Mon, Mar 17, 2025 at 08:36:25AM +0000, David Howells wrote:
> Arnd Bergmann <arnd@kernel.org> wrote:
> 
> > -	depends on CRYPTO_LIB_CHACHA20POLY1305 = y
> > +	select CRYPTO_LIB_CHACHA20POLY1305
> 
> Doesn't that allow CRYPTO_LIB_CHACHA20POLY1305=m?

Not unless BIG_KEYS is tristate or under a tristate.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Arnd Bergmann]

On Mon, Mar 17, 2025, at 09:37, Herbert Xu wrote:
> On Mon, Mar 17, 2025 at 08:36:25AM +0000, David Howells wrote:
>> Arnd Bergmann <arnd@kernel.org> wrote:
>> 
>> > -	depends on CRYPTO_LIB_CHACHA20POLY1305 = y
>> > +	select CRYPTO_LIB_CHACHA20POLY1305
>> 
>> Doesn't that allow CRYPTO_LIB_CHACHA20POLY1305=m?
>
> Not unless BIG_KEYS is tristate or under a tristate.

Right, or if it selects something that has a dependency.

Before commit 17ec3e71ba79 ("crypto: lib/Kconfig - Hide arch
options from user"), CRYPTO_LIB_CHACHA20POLY1305 had a
dependency on CONFIG_CRYPTO, so with CRYPTO=m, the 'select CRYPTO_LIB_CHACHA20POLY1305' in BIG_KEYS would result in
CRYPTO_LIB_CHACHA20POLY1305=m.

     Arnd

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Jarkko Sakkinen]

On Fri, Mar 14, 2025 at 05:05:32PM +0100, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> Any driver that needs these library functions should already be selecting
> the corresponding Kconfig symbols, so there is no real point in making
> these visible.
> 
> The original patch that made these user selectable described problems
> with drivers failing to select the code they use, but for consistency
> it's better to always use 'select' on a symbol than to mix it with
> 'depends on'.
> 
> Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
> v2: add the missing 'select' statements
> ---
>  drivers/crypto/marvell/Kconfig | 4 ++--
>  lib/crypto/Kconfig             | 8 ++++----
>  security/keys/Kconfig          | 2 +-
>  3 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/crypto/marvell/Kconfig b/drivers/crypto/marvell/Kconfig
> index 4c25a78ab3ed..aa269abb0499 100644
> --- a/drivers/crypto/marvell/Kconfig
> +++ b/drivers/crypto/marvell/Kconfig
> @@ -24,7 +24,7 @@ config CRYPTO_DEV_OCTEONTX_CPT
>  	tristate "Support for Marvell OcteonTX CPT driver"
>  	depends on ARCH_THUNDER || COMPILE_TEST
>  	depends on PCI_MSI && 64BIT
> -	depends on CRYPTO_LIB_AES
> +	select CRYPTO_LIB_AES
>  	select CRYPTO_SKCIPHER
>  	select CRYPTO_HASH
>  	select CRYPTO_AEAD
> @@ -41,10 +41,10 @@ config CRYPTO_DEV_OCTEONTX2_CPT
>  	tristate "Marvell OcteonTX2 CPT driver"
>  	depends on ARCH_THUNDER2 || COMPILE_TEST
>  	depends on PCI_MSI && 64BIT
> -	depends on CRYPTO_LIB_AES
>  	depends on NET_VENDOR_MARVELL
>  	select OCTEONTX2_MBOX
>  	select CRYPTO_DEV_MARVELL
> +	select CRYPTO_LIB_AES
>  	select CRYPTO_SKCIPHER
>  	select CRYPTO_HASH
>  	select CRYPTO_AEAD
> diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
> index 17322f871586..798972b29b68 100644
> --- a/lib/crypto/Kconfig
> +++ b/lib/crypto/Kconfig
> @@ -63,7 +63,7 @@ config CRYPTO_LIB_CHACHA_INTERNAL
>  	select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n
>  
>  config CRYPTO_LIB_CHACHA
> -	tristate "ChaCha library interface"
> +	tristate
>  	select CRYPTO
>  	select CRYPTO_LIB_CHACHA_INTERNAL
>  	help
> @@ -93,7 +93,7 @@ config CRYPTO_LIB_CURVE25519_INTERNAL
>  	select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n
>  
>  config CRYPTO_LIB_CURVE25519
> -	tristate "Curve25519 scalar multiplication library"
> +	tristate
>  	select CRYPTO
>  	select CRYPTO_LIB_CURVE25519_INTERNAL
>  	help
> @@ -132,7 +132,7 @@ config CRYPTO_LIB_POLY1305_INTERNAL
>  	select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n
>  
>  config CRYPTO_LIB_POLY1305
> -	tristate "Poly1305 library interface"
> +	tristate
>  	select CRYPTO
>  	select CRYPTO_LIB_POLY1305_INTERNAL
>  	help
> @@ -141,7 +141,7 @@ config CRYPTO_LIB_POLY1305
>  	  is available and enabled.
>  
>  config CRYPTO_LIB_CHACHA20POLY1305
> -	tristate "ChaCha20-Poly1305 AEAD support (8-byte nonce library version)"
> +	tristate
>  	select CRYPTO_LIB_CHACHA
>  	select CRYPTO_LIB_POLY1305
>  	select CRYPTO_LIB_UTILS
> diff --git a/security/keys/Kconfig b/security/keys/Kconfig
> index abb03a1b2a5c..d4f5fc1e7263 100644
> --- a/security/keys/Kconfig
> +++ b/security/keys/Kconfig
> @@ -60,7 +60,7 @@ config BIG_KEYS
>  	bool "Large payload keys"
>  	depends on KEYS
>  	depends on TMPFS
> -	depends on CRYPTO_LIB_CHACHA20POLY1305 = y
> +	select CRYPTO_LIB_CHACHA20POLY1305
>  	help
>  	  This option provides support for holding large keys within the kernel
>  	  (for example Kerberos ticket caches).  The data may be stored out to
> -- 
> 2.39.5
> 
> 

Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Herbert Xu]

On Fri, Mar 14, 2025 at 05:05:32PM +0100, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> Any driver that needs these library functions should already be selecting
> the corresponding Kconfig symbols, so there is no real point in making
> these visible.
> 
> The original patch that made these user selectable described problems
> with drivers failing to select the code they use, but for consistency
> it's better to always use 'select' on a symbol than to mix it with
> 'depends on'.
> 
> Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
> v2: add the missing 'select' statements
> ---
>  drivers/crypto/marvell/Kconfig | 4 ++--
>  lib/crypto/Kconfig             | 8 ++++----
>  security/keys/Kconfig          | 2 +-
>  3 files changed, 7 insertions(+), 7 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Geert Uytterhoeven]

Hi Arnd,

On Fri, 14 Mar 2025 at 17:05, Arnd Bergmann <arnd@kernel.org> wrote:
> From: Arnd Bergmann <arnd@arndb.de>
>
> Any driver that needs these library functions should already be selecting
> the corresponding Kconfig symbols, so there is no real point in making
> these visible.
>
> The original patch that made these user selectable described problems
> with drivers failing to select the code they use, but for consistency
> it's better to always use 'select' on a symbol than to mix it with
> 'depends on'.
>
> Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Thanks for your patch, which is now commit edc8e80bf862a728 ("crypto:
lib/Kconfig - hide library options").

> --- a/security/keys/Kconfig
> +++ b/security/keys/Kconfig
> @@ -60,7 +60,7 @@ config BIG_KEYS
>         bool "Large payload keys"
>         depends on KEYS
>         depends on TMPFS
> -       depends on CRYPTO_LIB_CHACHA20POLY1305 = y
> +       select CRYPTO_LIB_CHACHA20POLY1305
>         help
>           This option provides support for holding large keys within the kernel
>           (for example Kerberos ticket caches).  The data may be stored out to

Due to dropping the dependency, this appeared on my radar.
Should this be selected by one or some of the Kerberos Kconfig symbols?

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Arnd Bergmann]

On Sun, Mar 30, 2025, at 10:34, Geert Uytterhoeven wrote:
> On Fri, 14 Mar 2025 at 17:05, Arnd Bergmann <arnd@kernel.org> wrote:
>
>> --- a/security/keys/Kconfig
>> +++ b/security/keys/Kconfig
>> @@ -60,7 +60,7 @@ config BIG_KEYS
>>         bool "Large payload keys"
>>         depends on KEYS
>>         depends on TMPFS
>> -       depends on CRYPTO_LIB_CHACHA20POLY1305 = y
>> +       select CRYPTO_LIB_CHACHA20POLY1305
>>         help
>>           This option provides support for holding large keys within the kernel
>>           (for example Kerberos ticket caches).  The data may be stored out to
>
> Due to dropping the dependency, this appeared on my radar.
> Should this be selected by one or some of the Kerberos Kconfig symbols?
>

I don't see why: before commit 521fd61c84a1 ("security/keys: rewrite
big_key crypto to use library interface") it was user selectable
without the crypto dependency, and now it got back to that. I think
from the point of view of Kconfig that is how we want it.

     Arnd

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Geert Uytterhoeven]

Hi Arnd,

On Sun, 30 Mar 2025 at 10:45, Arnd Bergmann <arnd@arndb.de> wrote:
> On Sun, Mar 30, 2025, at 10:34, Geert Uytterhoeven wrote:
> > On Fri, 14 Mar 2025 at 17:05, Arnd Bergmann <arnd@kernel.org> wrote:
> >> --- a/security/keys/Kconfig
> >> +++ b/security/keys/Kconfig
> >> @@ -60,7 +60,7 @@ config BIG_KEYS
> >>         bool "Large payload keys"
> >>         depends on KEYS
> >>         depends on TMPFS
> >> -       depends on CRYPTO_LIB_CHACHA20POLY1305 = y
> >> +       select CRYPTO_LIB_CHACHA20POLY1305
> >>         help
> >>           This option provides support for holding large keys within the kernel
> >>           (for example Kerberos ticket caches).  The data may be stored out to
> >
> > Due to dropping the dependency, this appeared on my radar.
> > Should this be selected by one or some of the Kerberos Kconfig symbols?
>
> I don't see why: before commit 521fd61c84a1 ("security/keys: rewrite
> big_key crypto to use library interface") it was user selectable
> without the crypto dependency, and now it got back to that. I think
> from the point of view of Kconfig that is how we want it.

Sure, I mean from a functional point of view.  Let me rephrase:
When do you want to store Kerberos ticket caches within the kernel?
Is that pure user-space, or is that done by the kernel?

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Re: [PATCH] [v2] crypto: lib/Kconfig: hide library options

[Herbert Xu]

On Sun, Mar 30, 2025 at 10:54:12AM +0200, Geert Uytterhoeven wrote:
>
> Sure, I mean from a functional point of view.  Let me rephrase:
> When do you want to store Kerberos ticket caches within the kernel?
> Is that pure user-space, or is that done by the kernel?

I think it's purely user-space.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt