summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorNeil Horman <nhorman@tuxdriver.com>2009-08-20 17:54:16 +1000
committerHerbert Xu <herbert@gondor.apana.org.au>2009-08-20 17:54:16 +1000
commit4e4ed83be6a64c8c9fe69c77f37a26bb62ed21f7 (patch)
tree0418205d9bc498177b31c71d99233971ae145bda /crypto
parent63b5ac286d5d7f668da537cc53a552578f7674a2 (diff)
downloadop-kernel-dev-4e4ed83be6a64c8c9fe69c77f37a26bb62ed21f7.zip
op-kernel-dev-4e4ed83be6a64c8c9fe69c77f37a26bb62ed21f7.tar.gz
crypto: fips - Depend on ansi_cprng
What about something like this? It defaults the CPRNG to m and makes FIPS dependent on the CPRNG. That way you get a module build by default, but you can change it to y manually during config and still satisfy the dependency, and if you select N it disables FIPS as well. I rather like that better than making FIPS a tristate. I just tested it out here and it seems to work well. Let me know what you think Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig8
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1db0995..7623442 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -23,11 +23,13 @@ comment "Crypto core or helper"
config CRYPTO_FIPS
bool "FIPS 200 compliance"
+ depends on CRYPTO_ANSI_CPRNG
help
This options enables the fips boot option which is
required if you want to system to operate in a FIPS 200
certification. You should say no unless you know what
- this is.
+ this is. Note that CRYPTO_ANSI_CPRNG is requred if this
+ option is selected
config CRYPTO_ALGAPI
tristate
@@ -787,12 +789,14 @@ comment "Random Number Generation"
config CRYPTO_ANSI_CPRNG
tristate "Pseudo Random Number Generation for Cryptographic modules"
+ default m
select CRYPTO_AES
select CRYPTO_RNG
help
This option enables the generic pseudo random number generator
for cryptographic modules. Uses the Algorithm specified in
- ANSI X9.31 A.2.4
+ ANSI X9.31 A.2.4. Not this option must be enabled if CRYPTO_FIPS
+ is selected
source "drivers/crypto/Kconfig"
OpenPOWER on IntegriCloud