diff mbox

KEYS: fix big_key dependency

Message ID 1471301139-28702-1-git-send-email-k.marinushkin@gmail.com
State New
Headers show

Commit Message

Kirill Marinushkin Aug. 15, 2016, 10:45 p.m. UTC
Signed-off-by: Kirill Marinushkin <k.marinushkin@gmail.com>
---
 security/keys/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Stephan Müller Aug. 16, 2016, 5:48 a.m. UTC | #1
Am Dienstag, 16. August 2016, 00:45:39 CEST schrieb Kirill Marinushkin:

Hi Kirill,

> +	select CRYPTO_ANSI_CPRNG

This change enables the RNG which will not pass FIPS testing any more. Hence, 
this selection could cause an issue in FIPS mode (i.e. booting the kernel with 
fips=1).

May I suggest CRYPTO_DRBG?

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Kirill Marinushkin Aug. 16, 2016, 8:02 p.m. UTC | #2
> May I suggest CRYPTO_DRBG?

Hello Ciao,

Thanks for your proposal. I submitted the PATCH v2 where I use
CRYPTO_RNG_DEFAULT the same way it is used in crypto/Kconfig.
It solves the issue, too. In addition, it selects CRYPTO_DRBG_MENU,
which is a more universal use-case, as I understood from your comment.

Best Regards,
Kirill 

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index f826e87..8213221 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -44,7 +44,7 @@  config BIG_KEYS
 	select CRYPTO
 	select CRYPTO_AES
 	select CRYPTO_ECB
-	select CRYPTO_RNG
+	select CRYPTO_ANSI_CPRNG
 	help
 	  This option provides support for holding large keys within the kernel
 	  (for example Kerberos ticket caches).  The data may be stored out to