On Fri, May 03, 2019 at 07:11:23AM +0200, Stephan Mueller wrote:
>
> > > diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
> > > index 3fb581bf3b87..939051480c83 100644
> > > --- a/include/crypto/drbg.h
> > > +++ b/include/crypto/drbg.h
> > > @@ -129,6 +129,10 @@ struct drbg_state {
> > >
> > > bool seeded; /* DRBG fully seeded? */
> > > bool pr; /* Prediction resistance enabled? */
> > >
> > > +#if IS_ENABLED(CONFIG_CRYPTO_FIPS)
> > > + bool fips_primed; /* Continuous test primed? */
> > > + unsigned char *prev; /* FIPS 140-2 continuous test value */
> > > +#endif
> >
> > You can still use #ifdef here.
>
> The variables would need to be defined unconditionally if we use a runtime
> check in the C code. Is that what you want me to do?
Yes please do that. If we wanted to we can get around this by
using accessor functions to hide them but DRBG without FIPS
doesn't make much sense anyway so let's just include them
unconditionally.
Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
