crypto: fips - Depend on ansi_cprng

What about something like this?  It defaults the CPRNG to m and makes FIPS
dependent on the CPRNG.  That way you get a module build by default, but you can
change it to y manually during config and still satisfy the dependency, and if
you select N it disables FIPS as well.  I rather like that better than making
FIPS a tristate.  I just tested it out here and it seems to work well.  Let me
know what you think

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1db09958eb713f452f88239f5f149f05026e8fe0..762344202725dd456fb99cce45ce88e03e79acde 100644 (file)
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -23,11 +23,13 @@ comment "Crypto core or helper"
 
 config CRYPTO_FIPS
        bool "FIPS 200 compliance"
+       depends on CRYPTO_ANSI_CPRNG
        help
          This options enables the fips boot option which is
          required if you want to system to operate in a FIPS 200
          certification.  You should say no unless you know what
-         this is.
+         this is. Note that CRYPTO_ANSI_CPRNG is requred if this
+         option is selected
 
 config CRYPTO_ALGAPI
        tristate
@@ -787,12 +789,14 @@ comment "Random Number Generation"
 
 config CRYPTO_ANSI_CPRNG
        tristate "Pseudo Random Number Generation for Cryptographic modules"
+       default m
        select CRYPTO_AES
        select CRYPTO_RNG
        help
          This option enables the generic pseudo random number generator
          for cryptographic modules.  Uses the Algorithm specified in
-         ANSI X9.31 A.2.4
+         ANSI X9.31 A.2.4. Not this option must be enabled if CRYPTO_FIPS 
+         is selected
 
 source "drivers/crypto/Kconfig"