From: Herbert Xu on gitlab.com
On Tue, Oct 20, 2020 at 02:50:15PM +0200, Ondrej Mosnacek wrote:
Looking at the current state of SM* configs in ARK, there seems to be
ark/generic/CONFIG_CRYPTO_SM3:# CONFIG_CRYPTO_SM3 is not set
ark/generic/CONFIG_CRYPTO_SM4:# CONFIG_CRYPTO_SM4 is not set
CONFIG_CRYPTO_SM3_ARM64_CE is not set
Why is CONFIG_CRYPTO_SM4 enabled only on aarch64? Why is
CONFIG_CRYPTO_SM3_ARM64_CE enabled, but CONFIG_CRYPTO_SM3 is not?
These should be consolidated.
Herbert, what is your opinion? I guess we would like to have the
Chinese algorithms enabled on ARK/RHEL? It seems very likely that some
Chinese customers would want them.
I agree, setting these options all to m would make sense.
I'd be inclined to recommend disabling this (and the 4
configs - see ) in both Fedora and ARK. These somewhat obscure
algorithms have no in-kernel users and it is very unlikely that they
would be used from userspace (via dm-crypt/AF_ALG). Opinions?
Yes we should do that.
> This option enables extra API for CAVP testing via the user-space
> interface: resetting of DRBG entropy, and providing Additional
> This should only be enabled for CAVP testing. You should say
> no unless you know what this is.
> Symbol: CRYPTO_USER_API_RNG_CAVP [=n]
> Type : bool
> Defined at crypto/Kconfig:1895
> Prompt: Enable CAVP testing of DRBG
> Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] &&
> -> Cryptographic API (CRYPTO [=y])
> -> User-space interface for random number generator
I don't know if this would be useful for some certification on RHEL,
but probably can be left disabled.