From: Fedora Kernel Team kernel-team@fedoraproject.org
[redhat] New configs in crypto/Kconfig
Hi,
As part of the ongoing rebase effort, the following configuration options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply with a better option.
CONFIG_CRYPTO_SM2:
Generic implementation of the SM2 public key algorithm. It was published by State Encryption Management Bureau, China. as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
References: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml http://www.gmbz.org.cn/main/bzlb.html
Symbol: CRYPTO_SM2 [=n] Type : tristate Defined at crypto/Kconfig:263 Prompt: SM2 algorithm Depends on: CRYPTO [=y] Location: -> Cryptographic API (CRYPTO [=y]) Selects: CRYPTO_SM3 [=n] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y] && MPILIB [=y] && ASN1 [=y]
---
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE:
Allow obsolete cryptographic algorithms to be selected that have already been phased out from internal use by the kernel, and are only useful for userspace clients that still rely on them.
Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y] Type : bool Defined at crypto/Kconfig:1915 Prompt: Enable obsolete cryptographic algorithms for userspace Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y] Location: -> Cryptographic API (CRYPTO [=y])
---
CONFIG_CRYPTO_USER_API_RNG_CAVP:
This option enables extra API for CAVP testing via the user-space interface: resetting of DRBG entropy, and providing Additional Data. This should only be enabled for CAVP testing. You should say no unless you know what this is.
Symbol: CRYPTO_USER_API_RNG_CAVP [=n] Type : bool Defined at crypto/Kconfig:1895 Prompt: Enable CAVP testing of DRBG Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG [=y] Location: -> Cryptographic API (CRYPTO [=y]) -> User-space interface for random number generator algorithms (CRYPTO_USER_API_RNG [=y])
---
Cc: Herbert Xu herbert.xu@redhat.com Cc: "David S. Miller" davem@redhat.com Cc: Ondrej Mosnacek omosnace@redhat.com Signed-off-by: Fedora Kernel Team kernel-team@fedoraproject.org
diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3 b/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3 --- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3 +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_CRYPTO_SM3 is not set diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE b/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE --- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4_ARM64_CE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_CRYPTO_SM4_ARM64_CE=m diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE --- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_CRYPTO_SM3_ARM64_CE is not set diff a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4 b/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4 --- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_SM4 +++ /dev/null @@ -1 +0,0 @@ -CONFIG_CRYPTO_SM4=m diff a/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE --- /dev/null +++ b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE @@ -0,0 +1 @@ +CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS --- a/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ANUBIS @@ -1 +1 @@ -CONFIG_CRYPTO_ANUBIS=m +# CONFIG_CRYPTO_ANUBIS is not set diff a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4 b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4 --- a/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4 +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_ARC4 @@ -1 +1 @@ -CONFIG_CRYPTO_ARC4=m +# CONFIG_CRYPTO_ARC4 is not set diff a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD --- a/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_KHAZAD @@ -1 +1 @@ -CONFIG_CRYPTO_KHAZAD=m +# CONFIG_CRYPTO_KHAZAD is not set diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED --- a/redhat/configs/common/generic/CONFIG_CRYPTO_SEED +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SEED @@ -1 +1 @@ -CONFIG_CRYPTO_SEED=m +# CONFIG_CRYPTO_SEED is not set diff a/redhat/configs/common/generic/CONFIG_CRYPTO_SM2 b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2 --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM2 @@ -0,0 +1 @@ +CONFIG_CRYPTO_SM2=m diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3 b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3 --- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM3 +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM3 diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4 b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4 --- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM4 +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_SM4 diff a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA --- a/redhat/configs/common/generic/CONFIG_CRYPTO_TEA +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_TEA @@ -1 +1 @@ -CONFIG_CRYPTO_TEA=m +# CONFIG_CRYPTO_TEA is not set diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE @@ -0,0 +1 @@ +# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set diff a/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP @@ -0,0 +1 @@ +# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set diff a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE --- a/redhat/configs/ark/generic/CONFIG_CRYPTO_SM3_ARM64_CE +++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM3_ARM64_CE diff a/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE --- /dev/null +++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_CRYPTO_SM4_ARM64_CE @@ -0,0 +1 @@ +# CONFIG_CRYPTO_SM4_ARM64_CE is not set diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2 b/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2 --- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_SM2 +++ /dev/null @@ -1,23 +0,0 @@ -# CONFIG_CRYPTO_SM2: -# -# Generic implementation of the SM2 public key algorithm. It was -# published by State Encryption Management Bureau, China. -# as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. -# -# References: -# https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 -# http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml -# http://www.gmbz.org.cn/main/bzlb.html -# -# Symbol: CRYPTO_SM2 [=n] -# Type : tristate -# Defined at crypto/Kconfig:263 -# Prompt: SM2 algorithm -# Depends on: CRYPTO [=y] -# Location: -# -> Cryptographic API (CRYPTO [=y]) -# Selects: CRYPTO_SM3 [=m] && CRYPTO_AKCIPHER [=y] && CRYPTO_MANAGER [=y] && MPILIB [=y] && ASN1 [=y] -# -# -# -CONFIG_CRYPTO_SM2=m diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE --- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE +++ /dev/null @@ -1,17 +0,0 @@ -# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE: -# -# Allow obsolete cryptographic algorithms to be selected that have -# already been phased out from internal use by the kernel, and are -# only useful for userspace clients that still rely on them. -# -# Symbol: CRYPTO_USER_API_ENABLE_OBSOLETE [=y] -# Type : bool -# Defined at crypto/Kconfig:1915 -# Prompt: Enable obsolete cryptographic algorithms for userspace -# Depends on: CRYPTO [=y] && CRYPTO_USER_API [=y] -# Location: -# -> Cryptographic API (CRYPTO [=y]) -# -# -# -# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set diff a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP b/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP --- a/redhat/configs/fedora/generic/CONFIG_CRYPTO_USER_API_RNG_CAVP +++ /dev/null @@ -1,19 +0,0 @@ -# CONFIG_CRYPTO_USER_API_RNG_CAVP: -# -# This option enables extra API for CAVP testing via the user-space -# interface: resetting of DRBG entropy, and providing Additional Data. -# This should only be enabled for CAVP testing. You should say -# no unless you know what this is. -# -# Symbol: CRYPTO_USER_API_RNG_CAVP [=n] -# Type : bool -# Defined at crypto/Kconfig:1895 -# Prompt: Enable CAVP testing of DRBG -# Depends on: CRYPTO [=y] && CRYPTO_USER_API_RNG [=y] && CRYPTO_DRBG [=y] -# Location: -# -> Cryptographic API (CRYPTO [=y]) -# -> User-space interface for random number generator algorithms (CRYPTO_USER_API_RNG [=y]) -# -# -# -# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
-- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/698