diff options
| author | Eric Biggers <ebiggers@kernel.org> | 2026-03-25 17:15:06 -0700 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2026-04-03 08:56:12 +0800 |
| commit | 7339b0e0b75eb56c3b9402bc831799138d219144 (patch) | |
| tree | 81ef0288f24afc2a95cf9e1e60ed63be5f9f4fdf /crypto/Kconfig | |
| parent | 65b3c2f6278516397bebcdbf4698bd3102120ca5 (diff) | |
| download | lwn-7339b0e0b75eb56c3b9402bc831799138d219144.tar.gz lwn-7339b0e0b75eb56c3b9402bc831799138d219144.zip | |
crypto: fips - Depend on CRYPTO_DRBG=y
Currently, the callers of crypto_stdrng_get_bytes() do 'select
CRYPTO_RNG_DEFAULT', which does 'select CRYPTO_DRBG_MENU'.
However, due to the change in how crypto_stdrng_get_bytes() is
implemented, CRYPTO_DRBG_MENU is now needed only when CRYPTO_FIPS.
But, 'select CRYPTO_DRBG_MENU if CRYPTO_FIPS' would cause a recursive
dependency, since CRYPTO_FIPS 'depends on CRYPTO_DRBG'.
Solve this by just making CRYPTO_FIPS depend on CRYPTO_DRBG=y (rather
than CRYPTO_DRBG i.e. CRYPTO_DRBG=y || CRYPTO_DRBG=m). The distros that
use CRYPTO_FIPS=y already set CRYPTO_DRBG=y anyway, which makes sense.
This makes the CRYPTO_RNG_DEFAULT symbol (and its corresponding
selection of CRYPTO_DRBG_MENU) unnecessary. A later commit removes it.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/Kconfig')
| -rw-r--r-- | crypto/Kconfig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index e2b4106ac961..80492538e1f7 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -25,7 +25,7 @@ menu "Crypto core or helper" config CRYPTO_FIPS bool "FIPS 200 compliance" - depends on CRYPTO_DRBG && CRYPTO_SELFTESTS + depends on CRYPTO_DRBG=y && CRYPTO_SELFTESTS depends on (MODULE_SIG || !MODULES) help This option enables the fips boot option which is |