From: Eric Biggers <ebiggers@kernel.org>
Date: Mon, 20 Apr 2026 06:33:50 +0000 (-0700)
Subject: crypto: drbg - Remove always-enabled symbol CRYPTO_DRBG_HMAC
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=f01d721cb809cb47db1afcf629d57e2aa18ae3c6;p=thirdparty%2Fkernel%2Flinux.git

crypto: drbg - Remove always-enabled symbol CRYPTO_DRBG_HMAC

The kconfig symbol CRYPTO_DRBG_HMAC is always enabled when
CRYPTO_DRBG_MENU is enabled, and all checks for CRYPTO_DRBG_HMAC are in
code conditional on CRYPTO_DRBG_MENU.  Thus, the only purpose of the
CRYPTO_DRBG_HMAC symbol is to select CRYPTO_HMAC and CRYPTO_SHA512.

Move those two selections to CRYPTO_DRBG_MENU, remove the checks for
CRYPTO_DRBG_HMAC, and remove the CRYPTO_DRBG_HMAC symbol itself.

Note that this also fixes an issue where CRYPTO_HMAC and CRYPTO_SHA512
were unnecessarily being forced to built-in when CRYPTO_DRBG=m.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 103d1f58cb7c2..34da01c153d6b 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1122,12 +1122,6 @@ menuconfig CRYPTO_DRBG_MENU
 
 if CRYPTO_DRBG_MENU
 
-config CRYPTO_DRBG_HMAC
-	bool
-	default y
-	select CRYPTO_HMAC
-	select CRYPTO_SHA512
-
 config CRYPTO_DRBG_HASH
 	bool "Hash_DRBG"
 	select CRYPTO_SHA256
@@ -1147,8 +1141,10 @@ config CRYPTO_DRBG_CTR
 config CRYPTO_DRBG
 	tristate
 	default CRYPTO_DRBG_MENU
-	select CRYPTO_RNG
+	select CRYPTO_HMAC
 	select CRYPTO_JITTERENTROPY
+	select CRYPTO_RNG
+	select CRYPTO_SHA512
 
 endif	# if CRYPTO_DRBG_MENU
 
diff --git a/crypto/drbg.c b/crypto/drbg.c
index e3065fb9541b2..f6bff275c31bb 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -161,7 +161,6 @@ static const struct drbg_core drbg_cores[] = {
 		.backend_cra_name = "sha256",
 	},
 #endif /* CONFIG_CRYPTO_DRBG_HASH */
-#ifdef CONFIG_CRYPTO_DRBG_HMAC
 	{
 		.flags = DRBG_HMAC | DRBG_STRENGTH256,
 		.statelen = 48, /* block length of cipher */
@@ -181,7 +180,6 @@ static const struct drbg_core drbg_cores[] = {
 		.cra_name = "hmac_sha512",
 		.backend_cra_name = "hmac(sha512)",
 	},
-#endif /* CONFIG_CRYPTO_DRBG_HMAC */
 };
 
 static int drbg_uninstantiate(struct drbg_state *drbg);
@@ -406,16 +404,13 @@ static const struct drbg_state_ops drbg_ctr_ops = {
  * HMAC DRBG callback functions
  ******************************************************************/
 
-#if defined(CONFIG_CRYPTO_DRBG_HASH) || defined(CONFIG_CRYPTO_DRBG_HMAC)
 static int drbg_kcapi_hash(struct drbg_state *drbg, unsigned char *outval,
 			   const struct list_head *in);
 static void drbg_kcapi_hmacsetkey(struct drbg_state *drbg,
 				  const unsigned char *key);
 static int drbg_init_hash_kernel(struct drbg_state *drbg);
 static int drbg_fini_hash_kernel(struct drbg_state *drbg);
-#endif /* (CONFIG_CRYPTO_DRBG_HASH || CONFIG_CRYPTO_DRBG_HMAC) */
 
-#ifdef CONFIG_CRYPTO_DRBG_HMAC
 #define CRYPTO_DRBG_HMAC_STRING "HMAC "
 MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha512");
 MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha512");
@@ -527,7 +522,6 @@ static const struct drbg_state_ops drbg_hmac_ops = {
 	.crypto_init	= drbg_init_hash_kernel,
 	.crypto_fini	= drbg_fini_hash_kernel,
 };
-#endif /* CONFIG_CRYPTO_DRBG_HMAC */
 
 /******************************************************************
  * Hash DRBG callback functions
@@ -1046,11 +1040,9 @@ static inline int drbg_alloc_state(struct drbg_state *drbg)
 	unsigned int sb_size = 0;
 
 	switch (drbg->core->flags & DRBG_TYPE_MASK) {
-#ifdef CONFIG_CRYPTO_DRBG_HMAC
 	case DRBG_HMAC:
 		drbg->d_ops = &drbg_hmac_ops;
 		break;
-#endif /* CONFIG_CRYPTO_DRBG_HMAC */
 #ifdef CONFIG_CRYPTO_DRBG_HASH
 	case DRBG_HASH:
 		drbg->d_ops = &drbg_hash_ops;
@@ -1431,7 +1423,6 @@ static void drbg_kcapi_set_entropy(struct crypto_rng *tfm,
  * Kernel crypto API cipher invocations requested by DRBG
  ***************************************************************/
 
-#if defined(CONFIG_CRYPTO_DRBG_HASH) || defined(CONFIG_CRYPTO_DRBG_HMAC)
 struct sdesc {
 	struct shash_desc shash;
 };
@@ -1491,7 +1482,6 @@ static int drbg_kcapi_hash(struct drbg_state *drbg, unsigned char *outval,
 		crypto_shash_update(&sdesc->shash, input->buf, input->len);
 	return crypto_shash_final(&sdesc->shash, outval);
 }
-#endif /* (CONFIG_CRYPTO_DRBG_HASH || CONFIG_CRYPTO_DRBG_HMAC) */
 
 #ifdef CONFIG_CRYPTO_DRBG_CTR
 static int drbg_fini_sym_kernel(struct drbg_state *drbg)
@@ -1757,9 +1747,7 @@ static inline int __init drbg_healthcheck_sanity(void)
 #ifdef CONFIG_CRYPTO_DRBG_HASH
 	drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr);
 #endif
-#ifdef CONFIG_CRYPTO_DRBG_HMAC
 	drbg_convert_tfm_core("drbg_nopr_hmac_sha512", &coreref, &pr);
-#endif
 
 	drbg = kzalloc_obj(struct drbg_state);
 	if (!drbg)
@@ -1887,9 +1875,6 @@ module_exit(drbg_exit);
 #ifndef CRYPTO_DRBG_HASH_STRING
 #define CRYPTO_DRBG_HASH_STRING ""
 #endif
-#ifndef CRYPTO_DRBG_HMAC_STRING
-#define CRYPTO_DRBG_HMAC_STRING ""
-#endif
 #ifndef CRYPTO_DRBG_CTR_STRING
 #define CRYPTO_DRBG_CTR_STRING ""
 #endif