From: Steffen Klassert <steffen.klassert@secunet.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: <netdev@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
Corentin Labbe <clabbe@baylibre.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: [PATCH net v2] esp: select CRYPTO_SEQIV when useful
Date: Sat, 6 Jun 2020 10:13:22 +0200 [thread overview]
Message-ID: <20200606081322.GI13121@gauss3.secunet.de> (raw)
In-Reply-To: <20200605180023.GF1373@sol.localdomain>
On Fri, Jun 05, 2020 at 11:00:23AM -0700, Eric Biggers wrote:
> On Fri, Jun 05, 2020 at 10:39:31AM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
> > index 23ba5045e3d3..6520b30883cf 100644
> > --- a/net/ipv4/Kconfig
> > +++ b/net/ipv4/Kconfig
> > @@ -361,6 +361,7 @@ config INET_ESP
> > select CRYPTO_SHA1
> > select CRYPTO_DES
> > select CRYPTO_ECHAINIV
> > + select CRYPTO_SEQIV if CRYPTO_CTR || CRYPTO_CHACHA20POLY1305
> > ---help---
> > Support for IPsec ESP.
> >
>
> Oops, this doesn't actually work:
>
> scripts/kconfig/conf --olddefconfig Kconfig
> crypto/Kconfig:1799:error: recursive dependency detected!
> crypto/Kconfig:1799: symbol CRYPTO_DRBG_MENU is selected by CRYPTO_RNG_DEFAULT
> crypto/Kconfig:83: symbol CRYPTO_RNG_DEFAULT is selected by CRYPTO_SEQIV
> crypto/Kconfig:330: symbol CRYPTO_SEQIV is selected by CRYPTO_CTR
> crypto/Kconfig:370: symbol CRYPTO_CTR is selected by CRYPTO_DRBG_CTR
> crypto/Kconfig:1819: symbol CRYPTO_DRBG_CTR depends on CRYPTO_DRBG_MENU
> For a resolution refer to Documentation/kbuild/kconfig-language.rst
> subsection "Kconfig recursive dependency limitations"
>
>
> I guess we need to go with v1 (which just had 'select CRYPTO_SEQIV'),
> or else make users explicitly select CRYPTO_SEQIV?
I think we should make INET_ESP to select everything that is
needed to instantiate the ciphers marked as 'MUST' in RFC
8221 and let the users explicitly select everything else.
next prev parent reply other threads:[~2020-06-06 8:13 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-04 19:23 [PATCH net] esp: select CRYPTO_SEQIV Eric Biggers
2020-06-05 0:28 ` Herbert Xu
2020-06-05 0:29 ` Herbert Xu
2020-06-05 5:09 ` Eric Biggers
2020-06-05 6:47 ` Herbert Xu
2020-06-05 17:39 ` [PATCH net v2] esp: select CRYPTO_SEQIV when useful Eric Biggers
2020-06-05 18:00 ` Eric Biggers
2020-06-06 8:13 ` Steffen Klassert [this message]
2020-06-08 6:23 ` Herbert Xu
2020-06-05 10:01 ` [PATCH net] esp: select CRYPTO_SEQIV Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200606081322.GI13121@gauss3.secunet.de \
--to=steffen.klassert@secunet.com \
--cc=clabbe@baylibre.com \
--cc=ebiggers@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).