Re: [PATCH] KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNG

Next message: Bjorn Helgaas: "Re: [PATCH v3] PCI: pciehp: Fix hotplug on Catlow Lake with unreliable PME status"
Previous message: Ira Weiny: "Re: [PATCH V9 1/8] dax: move dax_pgoff_to_phys from [drivers/dax/] device.c to bus.c"
Next in thread: Eric Biggers: "Re: [PATCH] KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mimi Zohar

Date: Tue Mar 24 2026 - 19:46:25 EST

Hi Eric,

On Sat, 2026-03-21 at 15:42 -0700, Eric Biggers wrote:
> encrypted-keys uses the regular Linux RNG (get_random_bytes()), not the
> duplicative crypto_rng one. So it does not need to select CRYPTO_RNG.
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

> ---
>
> This patch is targeting the keyrings tree

Not sure what you mean by targeting the keyrings tree. I can definitely queue
it.

>
> security/keys/Kconfig | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/security/keys/Kconfig b/security/keys/Kconfig
> index 84f39e50ca36..f4510d8cb485 100644
> --- a/security/keys/Kconfig
> +++ b/security/keys/Kconfig
> @@ -85,11 +85,10 @@ config ENCRYPTED_KEYS
> tristate "ENCRYPTED KEYS"
> select CRYPTO
> select CRYPTO_AES
> select CRYPTO_CBC
> select CRYPTO_LIB_SHA256
> - select CRYPTO_RNG
> help
> This option provides support for create/encrypting/decrypting keys
> in the kernel. Encrypted keys are instantiated using kernel
> generated random numbers or provided decrypted data, and are
> encrypted/decrypted with a 'master' symmetric key. The 'master'
>
> base-commit: 113ae7b4decc6c2d95bdbbe52e615a0137ef7f9f