commit ee137e017ce5c73113f83506f588d3e2cdbce95d · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

linux: enable the NIST SP800-90A DRBG

authored by 8aed and committed by Alyssa Ross 2 years ago ee137e01 edfad583

1 changed file

expand all

unified split

pkgs

os-specific

linux

kernel

common-config.nix

pkgs/os-specific/linux/kernel/common-config.nix

··· 562 KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; 563 # randomized slab caches 564 RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; 565 } // optionalAttrs stdenv.hostPlatform.isx86_64 { 566 # Enable Intel SGX 567 X86_SGX = whenAtLeast "5.11" yes;

··· 562 KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; 563 # randomized slab caches 564 RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; 565 + 566 + # NIST SP800-90A DRBG modes - enabled by most distributions 567 + # and required by some out-of-tree modules (ShuffleCake) 568 + # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. 569 + CRYPTO_DRBG_HASH = yes; 570 + CRYPTO_DRBG_CTR = yes; 571 + 572 } // optionalAttrs stdenv.hostPlatform.isx86_64 { 573 # Enable Intel SGX 574 X86_SGX = whenAtLeast "5.11" yes;