diff options
author | Neil Horman <nhorman@tuxdriver.com> | 2009-08-20 17:54:16 +1000 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2009-08-20 17:54:16 +1000 |
commit | 4e4ed83be6a64c8c9fe69c77f37a26bb62ed21f7 (patch) | |
tree | 0418205d9bc498177b31c71d99233971ae145bda /crypto | |
parent | 63b5ac286d5d7f668da537cc53a552578f7674a2 (diff) | |
download | op-kernel-dev-4e4ed83be6a64c8c9fe69c77f37a26bb62ed21f7.zip op-kernel-dev-4e4ed83be6a64c8c9fe69c77f37a26bb62ed21f7.tar.gz |
crypto: fips - Depend on ansi_cprng
What about something like this? It defaults the CPRNG to m and makes FIPS
dependent on the CPRNG. That way you get a module build by default, but you can
change it to y manually during config and still satisfy the dependency, and if
you select N it disables FIPS as well. I rather like that better than making
FIPS a tristate. I just tested it out here and it seems to work well. Let me
know what you think
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Kconfig | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index 1db0995..7623442 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -23,11 +23,13 @@ comment "Crypto core or helper" config CRYPTO_FIPS bool "FIPS 200 compliance" + depends on CRYPTO_ANSI_CPRNG help This options enables the fips boot option which is required if you want to system to operate in a FIPS 200 certification. You should say no unless you know what - this is. + this is. Note that CRYPTO_ANSI_CPRNG is requred if this + option is selected config CRYPTO_ALGAPI tristate @@ -787,12 +789,14 @@ comment "Random Number Generation" config CRYPTO_ANSI_CPRNG tristate "Pseudo Random Number Generation for Cryptographic modules" + default m select CRYPTO_AES select CRYPTO_RNG help This option enables the generic pseudo random number generator for cryptographic modules. Uses the Algorithm specified in - ANSI X9.31 A.2.4 + ANSI X9.31 A.2.4. Not this option must be enabled if CRYPTO_FIPS + is selected source "drivers/crypto/Kconfig" |