Skip to content

[redhat] New configs in crypto/Kconfig

Jeremy Cline requested to merge configs/2020-10-13/crypto/Kconfig into os-build

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

CONFIG_CRYPTO_SM2:

Generic implementation of the SM2 public key algorithm. It was published by State Encryption Management Bureau, China. as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.

References: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml http://www.gmbz.org.cn/main/bzlb.html

Symbol: CRYPTO_SM2 [=n] Type : tristate Defined at crypto/Kconfig:263 Prompt: SM2 algorithm Depends on: CRYPTO [=y] Location: -> Cryptographic API (CRYPTO [=y]) Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y] && MPILIB [=y] && ASN1 [=y]

CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:

Allow obsolete cryptographic algorithms to be selected that have already been phased out from internal use by the kernel, and are only useful for userspace clients that still rely on them.

Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y] Type : bool Defined at crypto/Kconfig:1915 Prompt: Enable obsolete cryptographic algorithms for userspace Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y] Location: -> Cryptographic API (CRYPTO [=y])

CONFIG_CRYPTO_USER_API_RNG_CAVP:

This option enables extra API for CAVP testing via the user-space interface: resetting of DRBG entropy, and providing Additional Data. This should only be enabled for CAVP testing. You should say no unless you know what this is.

Symbol: CRYPTO_USER_API_RNG_CAVP [=n] Type : bool Defined at crypto/Kconfig:1895 Prompt: Enable CAVP testing of DRBG Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG [=y] Location: -> Cryptographic API (CRYPTO [=y]) -> User-space interface for random number generator algorithms (CRYPTO_USER_API_RNG [=y])

Cc: Herbert Xu herbert.xu@redhat.com Cc: "David S. Miller" davem@redhat.com Cc: Ondrej Mosnacek omosnace@redhat.com Signed-off-by: Fedora Kernel Team kernel-team@fedoraproject.org

Merge request reports