diff options
author | 8aed <8aed@riseup.net> | 2023-11-04 05:08:09 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-11-13 15:33:33 +0100 |
commit | ee137e017ce5c73113f83506f588d3e2cdbce95d (patch) | |
tree | 23637ddeb319e1c2ee3cf4e754ff17fd716ae2e3 /pkgs/os-specific/linux/kernel/common-config.nix | |
parent | edfad58322dae6ceead104134d481f54fe4d62ef (diff) |
linux: enable the NIST SP800-90A DRBG
Diffstat (limited to 'pkgs/os-specific/linux/kernel/common-config.nix')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index fb583551f1b6b..1aedcdc7c0fdf 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -562,6 +562,13 @@ let KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; # randomized slab caches RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; + + # NIST SP800-90A DRBG modes - enabled by most distributions + # and required by some out-of-tree modules (ShuffleCake) + # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. + CRYPTO_DRBG_HASH = yes; + CRYPTO_DRBG_CTR = yes; + } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; |