Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: rng - Don't pull in DRBG when CRYPTO_FIPS=n

crypto_stdrng_get_bytes() is now always available:

- When CRYPTO_FIPS=n it is an inline function that always calls into
the always-built-in drivers/char/random.c.

- When CRYPTO_FIPS=y it is an inline function that calls into either
random.c or crypto/rng.c, depending on the value of fips_enabled.
The former is again always built-in. The latter is built-in as
well in this case, due to CRYPTO_FIPS=y.

Thus, the CRYPTO_RNG_DEFAULT symbol is no longer needed. Remove it.

This makes it so that CRYPTO_DRBG_MENU (and hence also CRYPTO_DRBG,
CRYPTO_JITTERENTROPY, and CRYPTO_LIB_SHA3) no longer gets unnecessarily
pulled into CRYPTO_FIPS=n kernels. I.e. CRYPTO_FIPS=n kernels are no
longer bloated with code that is relevant only to FIPS certifications.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu
4061bc8c 7339b0e0

-7
-7
crypto/Kconfig
··· 109 109 tristate 110 110 select CRYPTO_ALGAPI2 111 111 112 - config CRYPTO_RNG_DEFAULT 113 - tristate 114 - select CRYPTO_DRBG_MENU 115 - 116 112 config CRYPTO_AKCIPHER2 117 113 tristate 118 114 select CRYPTO_ALGAPI2 ··· 292 296 config CRYPTO_DH_RFC7919_GROUPS 293 297 bool "RFC 7919 FFDHE groups" 294 298 depends on CRYPTO_DH 295 - select CRYPTO_RNG_DEFAULT 296 299 help 297 300 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups 298 301 defined in RFC7919. ··· 303 308 304 309 config CRYPTO_ECC 305 310 tristate 306 - select CRYPTO_RNG_DEFAULT 307 311 308 312 config CRYPTO_ECDH 309 313 tristate "ECDH (Elliptic Curve Diffie-Hellman)" ··· 798 804 tristate 799 805 select CRYPTO_AEAD 800 806 select CRYPTO_MANAGER 801 - select CRYPTO_RNG_DEFAULT 802 807 803 808 config CRYPTO_SEQIV 804 809 tristate "Sequence Number IV Generator"