On Thu, Jun 20, 2019 at 11:15:05AM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > fscrypt only uses SHA-256 for AES-128-CBC-ESSIV, which isn't the default > and is only recommended on platforms that have hardware accelerated > AES-CBC but not AES-XTS. There's no link-time dependency, since SHA-256 > is requested via the crypto API on first use. > > To reduce bloat, we should limit FS_ENCRYPTION to selecting the default > algorithms only. SHA-256 by itself isn't that much bloat, but it's > being discussed to move ESSIV into a crypto API template, which would > incidentally bring in other things like "authenc" support, which would > all end up being built-in since FS_ENCRYPTION is now a bool. > > For Adiantum encryption we already just document that users who want to > use it have to enable CONFIG_CRYPTO_ADIANTUM themselves. So, let's do > the same for AES-128-CBC-ESSIV and CONFIG_CRYPTO_SHA256. > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Reviewed-by: Theodore Ts'o <tytso@xxxxxxx>