Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4e4ed83b authored by Neil Horman's avatar Neil Horman Committed by Herbert Xu
Browse files

crypto: fips - Depend on ansi_cprng 



What about something like this?  It defaults the CPRNG to m and makes FIPS
dependent on the CPRNG.  That way you get a module build by default, but you can
change it to y manually during config and still satisfy the dependency, and if
you select N it disables FIPS as well.  I rather like that better than making
FIPS a tristate.  I just tested it out here and it seems to work well.  Let me
know what you think

Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 63b5ac28

crypto/Kconfig

+6 −2
Original line number Diff line number Diff line
@@ -23,11 +23,13 @@ comment "Crypto core or helper" 


config CRYPTO_FIPS

	bool "FIPS 200 compliance"

	depends on CRYPTO_ANSI_CPRNG

	help

	  This options enables the fips boot option which is

	  required if you want to system to operate in a FIPS 200

	  certification.  You should say no unless you know what

	  this is.

	  this is. Note that CRYPTO_ANSI_CPRNG is requred if this

	  option is selected



config CRYPTO_ALGAPI

	tristate
@@ -787,12 +789,14 @@ comment "Random Number Generation" 


config CRYPTO_ANSI_CPRNG

	tristate "Pseudo Random Number Generation for Cryptographic modules"

	default m

	select CRYPTO_AES

	select CRYPTO_RNG

	help

	  This option enables the generic pseudo random number generator

	  for cryptographic modules.  Uses the Algorithm specified in

	  ANSI X9.31 A.2.4

	  ANSI X9.31 A.2.4. Not this option must be enabled if CRYPTO_FIPS 

	  is selected



source "drivers/crypto/Kconfig"