1. Patchew
  2. linux
  3. View series

[PATCH] KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNG

Eric Biggers posted 1 patch 1 week, 5 days ago 
security/keys/Kconfig | 1 -
1 file changed, 1 deletion(-)
[PATCH] KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNG
Posted by Eric Biggers 1 week, 5 days ago 
encrypted-keys uses the regular Linux RNG (get_random_bytes()), not the
duplicative crypto_rng one.  So it does not need to select CRYPTO_RNG.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---

This patch is targeting the keyrings tree

 security/keys/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index 84f39e50ca36..f4510d8cb485 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -85,11 +85,10 @@ config ENCRYPTED_KEYS
 	tristate "ENCRYPTED KEYS"
 	select CRYPTO
 	select CRYPTO_AES
 	select CRYPTO_CBC
 	select CRYPTO_LIB_SHA256
-	select CRYPTO_RNG
 	help
 	  This option provides support for create/encrypting/decrypting keys
 	  in the kernel.  Encrypted keys are instantiated using kernel
 	  generated random numbers or provided decrypted data, and are
 	  encrypted/decrypted with a 'master' symmetric key. The 'master'

base-commit: 113ae7b4decc6c2d95bdbbe52e615a0137ef7f9f
-- 
2.53.0
Re: [PATCH] KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNG
Posted by Mimi Zohar 1 week, 2 days ago 
Hi Eric,

On Sat, 2026-03-21 at 15:42 -0700, Eric Biggers wrote:
> encrypted-keys uses the regular Linux RNG (get_random_bytes()), not the
> duplicative crypto_rng one.  So it does not need to select CRYPTO_RNG.
> 
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>

> ---
> 
> This patch is targeting the keyrings tree

Not sure what you mean by targeting the keyrings tree. I can definitely queue
it.

> 
>  security/keys/Kconfig | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/security/keys/Kconfig b/security/keys/Kconfig
> index 84f39e50ca36..f4510d8cb485 100644
> --- a/security/keys/Kconfig
> +++ b/security/keys/Kconfig
> @@ -85,11 +85,10 @@ config ENCRYPTED_KEYS
>  	tristate "ENCRYPTED KEYS"
>  	select CRYPTO
>  	select CRYPTO_AES
>  	select CRYPTO_CBC
>  	select CRYPTO_LIB_SHA256
> -	select CRYPTO_RNG
>  	help
>  	  This option provides support for create/encrypting/decrypting keys
>  	  in the kernel.  Encrypted keys are instantiated using kernel
>  	  generated random numbers or provided decrypted data, and are
>  	  encrypted/decrypted with a 'master' symmetric key. The 'master'
> 
> base-commit: 113ae7b4decc6c2d95bdbbe52e615a0137ef7f9f
Re: [PATCH] KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNG
Posted by Eric Biggers 1 week, 2 days ago 
On Tue, Mar 24, 2026 at 07:46:10PM -0400, Mimi Zohar wrote:
> Hi Eric,
> 
> On Sat, 2026-03-21 at 15:42 -0700, Eric Biggers wrote:
> > encrypted-keys uses the regular Linux RNG (get_random_bytes()), not the
> > duplicative crypto_rng one.  So it does not need to select CRYPTO_RNG.
> > 
> > Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> 
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> 
> > ---
> > 
> > This patch is targeting the keyrings tree
> 
> Not sure what you mean by targeting the keyrings tree. I can definitely queue
> it.

Last time I sent a patch for encrypted-keys, Jarkko took it.  If you'd
like to take it instead, that's fine with me.  As long as someone does
it.  Thanks,

- Eric

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.