On Thu, May 02, 2019 at 06:38:12PM +0200, Stephan Müller wrote:
> +static int drbg_fips_continuous_test(struct drbg_state *drbg,
> + const unsigned char *entropy)
> +{
> +#if IS_ENABLED(CONFIG_CRYPTO_FIPS)
This should look like
if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
...
} else {
...
}
This way the compiler will see everything regardless of whether
FIPS is enabled or not.
> diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
> index 3fb581bf3b87..939051480c83 100644
> --- a/include/crypto/drbg.h
> +++ b/include/crypto/drbg.h
> @@ -129,6 +129,10 @@ struct drbg_state {
>
> bool seeded; /* DRBG fully seeded? */
> bool pr; /* Prediction resistance enabled? */
> +#if IS_ENABLED(CONFIG_CRYPTO_FIPS)
> + bool fips_primed; /* Continuous test primed? */
> + unsigned char *prev; /* FIPS 140-2 continuous test value */
> +#endif
You can still use #ifdef here.
Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
