@@ -3857,7 +3857,7 @@ CONFIG_CRYPTO_RSA=y

 # CONFIG_CRYPTO_DH is not set

 CONFIG_CRYPTO_ECC=m

 CONFIG_CRYPTO_ECDH=m

-# CONFIG_CRYPTO_ECDSA is not set

+CONFIG_CRYPTO_ECDSA=m

 # CONFIG_CRYPTO_ECRDSA is not set

 # CONFIG_CRYPTO_SM2 is not set

 # CONFIG_CRYPTO_CURVE25519 is not set

@@ -3888,7 +3888,7 @@ CONFIG_CRYPTO_SM4=m

 CONFIG_CRYPTO_ARC4=m

 # CONFIG_CRYPTO_CHACHA20 is not set

 CONFIG_CRYPTO_CBC=y

-# CONFIG_CRYPTO_CFB is not set

+CONFIG_CRYPTO_CFB=m

 CONFIG_CRYPTO_CTR=m

 # CONFIG_CRYPTO_CTS is not set

 CONFIG_CRYPTO_ECB=y

@@ -3667,6 +3667,8 @@ CONFIG_NFS_V4_2_SSC_HELPER=y

 CONFIG_SUNRPC=m

 CONFIG_SUNRPC_GSS=m

 CONFIG_SUNRPC_BACKCHANNEL=y

+CONFIG_RPCSEC_GSS_KRB5=m

+# CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set

 CONFIG_SUNRPC_DEBUG=y

 # CONFIG_CEPH_FS is not set

 CONFIG_CIFS=m

@@ -3860,8 +3862,8 @@ CONFIG_CRYPTO_MANAGER2=y

 # CONFIG_CRYPTO_USER is not set

 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

 # CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set

-CONFIG_CRYPTO_GF128MUL=m

-CONFIG_CRYPTO_NULL=m

+CONFIG_CRYPTO_GF128MUL=y

+CONFIG_CRYPTO_NULL=y

 CONFIG_CRYPTO_NULL2=y

 CONFIG_CRYPTO_PCRYPT=m

 CONFIG_CRYPTO_CRYPTD=m

@@ -3876,7 +3878,7 @@ CONFIG_CRYPTO_RSA=y

 # CONFIG_CRYPTO_DH is not set

 CONFIG_CRYPTO_ECC=m

 CONFIG_CRYPTO_ECDH=m

-# CONFIG_CRYPTO_ECDSA is not set

+CONFIG_CRYPTO_ECDSA=y

 # CONFIG_CRYPTO_ECRDSA is not set

 # CONFIG_CRYPTO_SM2 is not set

 # CONFIG_CRYPTO_CURVE25519 is not set

@@ -3906,9 +3908,9 @@ CONFIG_CRYPTO_DES=y

 CONFIG_CRYPTO_ARC4=m

 # CONFIG_CRYPTO_CHACHA20 is not set

 CONFIG_CRYPTO_CBC=y

-# CONFIG_CRYPTO_CFB is not set

+CONFIG_CRYPTO_CFB=y

 CONFIG_CRYPTO_CTR=m

-# CONFIG_CRYPTO_CTS is not set

+CONFIG_CRYPTO_CTS=y

 CONFIG_CRYPTO_ECB=y

 # CONFIG_CRYPTO_HCTR2 is not set

 # CONFIG_CRYPTO_KEYWRAP is not set

@@ -3921,8 +3923,8 @@ CONFIG_CRYPTO_XTS=y

 # AEAD (authenticated encryption with associated data) ciphers

 # CONFIG_CRYPTO_AEGIS128 is not set

 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set

-CONFIG_CRYPTO_CCM=m

-CONFIG_CRYPTO_GCM=m

+CONFIG_CRYPTO_CCM=y

+CONFIG_CRYPTO_GCM=y

 CONFIG_CRYPTO_SEQIV=m

 CONFIG_CRYPTO_ECHAINIV=m

 CONFIG_CRYPTO_ESSIV=m

@@ -3930,8 +3932,8 @@ CONFIG_CRYPTO_ESSIV=m

 # Hashes, digests, and MACs

 CONFIG_CRYPTO_BLAKE2B=m

-CONFIG_CRYPTO_CMAC=m

-CONFIG_CRYPTO_GHASH=m

+CONFIG_CRYPTO_CMAC=y

+CONFIG_CRYPTO_GHASH=y

 CONFIG_CRYPTO_HMAC=y

 CONFIG_CRYPTO_MD4=m

 CONFIG_CRYPTO_MD5=y

@@ -6178,8 +6178,8 @@ CONFIG_CRYPTO_MANAGER2=y

 # CONFIG_CRYPTO_USER is not set

 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

 # CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set

-CONFIG_CRYPTO_GF128MUL=m

-CONFIG_CRYPTO_NULL=m

+CONFIG_CRYPTO_GF128MUL=y

+CONFIG_CRYPTO_NULL=y

 CONFIG_CRYPTO_NULL2=y

 # CONFIG_CRYPTO_PCRYPT is not set

 CONFIG_CRYPTO_CRYPTD=m

@@ -6196,7 +6196,7 @@ CONFIG_CRYPTO_RSA=y

 # CONFIG_CRYPTO_DH is not set

 CONFIG_CRYPTO_ECC=m

 CONFIG_CRYPTO_ECDH=m

-# CONFIG_CRYPTO_ECDSA is not set

+CONFIG_CRYPTO_ECDSA=y

 # CONFIG_CRYPTO_ECRDSA is not set

 # CONFIG_CRYPTO_SM2 is not set

 # CONFIG_CRYPTO_CURVE25519 is not set

@@ -6230,9 +6230,9 @@ CONFIG_CRYPTO_DES=y

 CONFIG_CRYPTO_ARC4=m

 # CONFIG_CRYPTO_CHACHA20 is not set

 CONFIG_CRYPTO_CBC=y

-# CONFIG_CRYPTO_CFB is not set

+CONFIG_CRYPTO_CFB=y

 CONFIG_CRYPTO_CTR=m

-CONFIG_CRYPTO_CTS=m

+CONFIG_CRYPTO_CTS=y

 CONFIG_CRYPTO_ECB=y

 # CONFIG_CRYPTO_HCTR2 is not set

 # CONFIG_CRYPTO_KEYWRAP is not set

@@ -6247,8 +6247,8 @@ CONFIG_CRYPTO_XTS=y

 #

 # CONFIG_CRYPTO_AEGIS128 is not set

 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set

-CONFIG_CRYPTO_CCM=m

-CONFIG_CRYPTO_GCM=m

+CONFIG_CRYPTO_CCM=y

+CONFIG_CRYPTO_GCM=y

 CONFIG_CRYPTO_SEQIV=m

 CONFIG_CRYPTO_ECHAINIV=m

 CONFIG_CRYPTO_ESSIV=m

@@ -6258,8 +6258,8 @@ CONFIG_CRYPTO_ESSIV=m

 # Hashes, digests, and MACs

 #

 CONFIG_CRYPTO_BLAKE2B=m

-CONFIG_CRYPTO_CMAC=m

-CONFIG_CRYPTO_GHASH=m

+CONFIG_CRYPTO_CMAC=y

+CONFIG_CRYPTO_GHASH=y

 CONFIG_CRYPTO_HMAC=y

 CONFIG_CRYPTO_MD4=m

 CONFIG_CRYPTO_MD5=y

@@ -5098,8 +5098,8 @@ CONFIG_CRYPTO_MANAGER2=y

 # CONFIG_CRYPTO_USER is not set

 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

 # CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set

-CONFIG_CRYPTO_GF128MUL=m

-CONFIG_CRYPTO_NULL=m

+CONFIG_CRYPTO_GF128MUL=y

+CONFIG_CRYPTO_NULL=y

 CONFIG_CRYPTO_NULL2=y

 # CONFIG_CRYPTO_PCRYPT is not set

 CONFIG_CRYPTO_CRYPTD=y

@@ -5153,7 +5153,7 @@ CONFIG_CRYPTO_ARC4=m

 CONFIG_CRYPTO_CBC=y

 CONFIG_CRYPTO_CFB=y

 CONFIG_CRYPTO_CTR=y

-CONFIG_CRYPTO_CTS=m

+CONFIG_CRYPTO_CTS=y

 CONFIG_CRYPTO_ECB=y

 # CONFIG_CRYPTO_HCTR2 is not set

 # CONFIG_CRYPTO_KEYWRAP is not set

@@ -5169,7 +5169,7 @@ CONFIG_CRYPTO_XTS=y

 # CONFIG_CRYPTO_AEGIS128 is not set

 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set

 CONFIG_CRYPTO_CCM=y

-CONFIG_CRYPTO_GCM=m

+CONFIG_CRYPTO_GCM=y

 CONFIG_CRYPTO_SEQIV=m

 CONFIG_CRYPTO_ECHAINIV=m

 CONFIG_CRYPTO_ESSIV=m

@@ -5179,8 +5179,8 @@ CONFIG_CRYPTO_ESSIV=m

 # Hashes, digests, and MACs

 #

 CONFIG_CRYPTO_BLAKE2B=m

-CONFIG_CRYPTO_CMAC=m

-CONFIG_CRYPTO_GHASH=m

+CONFIG_CRYPTO_CMAC=y

+CONFIG_CRYPTO_GHASH=y

 CONFIG_CRYPTO_HMAC=y

 CONFIG_CRYPTO_MD4=m

 CONFIG_CRYPTO_MD5=y

@@ -7092,7 +7092,7 @@ CONFIG_CRYPTO_RSA=y

 # CONFIG_CRYPTO_DH is not set

 CONFIG_CRYPTO_ECC=y

 CONFIG_CRYPTO_ECDH=y

-# CONFIG_CRYPTO_ECDSA is not set

+CONFIG_CRYPTO_ECDSA=y

 # CONFIG_CRYPTO_ECRDSA is not set

 # CONFIG_CRYPTO_SM2 is not set

 # CONFIG_CRYPTO_CURVE25519 is not set

@@ -7122,7 +7122,7 @@ CONFIG_CRYPTO_DES=y

 CONFIG_CRYPTO_ARC4=m

 # CONFIG_CRYPTO_CHACHA20 is not set

 CONFIG_CRYPTO_CBC=y

-# CONFIG_CRYPTO_CFB is not set

+CONFIG_CRYPTO_CFB=y

 CONFIG_CRYPTO_CTR=y

 CONFIG_CRYPTO_CTS=m

 CONFIG_CRYPTO_ECB=y

@@ -6041,8 +6041,8 @@ CONFIG_CRYPTO_MANAGER2=y

 # CONFIG_CRYPTO_USER is not set

 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set

 # CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set

-CONFIG_CRYPTO_GF128MUL=m

-CONFIG_CRYPTO_NULL=m

+CONFIG_CRYPTO_GF128MUL=y

+CONFIG_CRYPTO_NULL=y

 CONFIG_CRYPTO_NULL2=y

 # CONFIG_CRYPTO_PCRYPT is not set

 CONFIG_CRYPTO_CRYPTD=y

@@ -6058,7 +6058,7 @@ CONFIG_CRYPTO_RSA=y

 # CONFIG_CRYPTO_DH is not set

 CONFIG_CRYPTO_ECC=y

 CONFIG_CRYPTO_ECDH=y

-# CONFIG_CRYPTO_ECDSA is not set

+CONFIG_CRYPTO_ECDSA=y

 # CONFIG_CRYPTO_ECRDSA is not set

 # CONFIG_CRYPTO_SM2 is not set

 # CONFIG_CRYPTO_CURVE25519 is not set

@@ -6088,9 +6088,9 @@ CONFIG_CRYPTO_DES=y

 CONFIG_CRYPTO_ARC4=m

 # CONFIG_CRYPTO_CHACHA20 is not set

 CONFIG_CRYPTO_CBC=y

-# CONFIG_CRYPTO_CFB is not set

+CONFIG_CRYPTO_CFB=y

 CONFIG_CRYPTO_CTR=y

-CONFIG_CRYPTO_CTS=m

+CONFIG_CRYPTO_CTS=y

 CONFIG_CRYPTO_ECB=y

 # CONFIG_CRYPTO_HCTR2 is not set

 # CONFIG_CRYPTO_KEYWRAP is not set

@@ -6103,8 +6103,8 @@ CONFIG_CRYPTO_XTS=y

 # AEAD (authenticated encryption with associated data) ciphers

 # CONFIG_CRYPTO_AEGIS128 is not set

 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set

-CONFIG_CRYPTO_CCM=m

-CONFIG_CRYPTO_GCM=m

+CONFIG_CRYPTO_CCM=y

+CONFIG_CRYPTO_GCM=y

 CONFIG_CRYPTO_SEQIV=m

 CONFIG_CRYPTO_ECHAINIV=m

 CONFIG_CRYPTO_ESSIV=m

@@ -6112,8 +6112,8 @@ CONFIG_CRYPTO_ESSIV=m

 # Hashes, digests, and MACs

 CONFIG_CRYPTO_BLAKE2B=m

-CONFIG_CRYPTO_CMAC=m

-CONFIG_CRYPTO_GHASH=m

+CONFIG_CRYPTO_CMAC=y

+CONFIG_CRYPTO_GHASH=y

 CONFIG_CRYPTO_HMAC=y

 CONFIG_CRYPTO_MD4=m

 CONFIG_CRYPTO_MD5=y

deleted file mode 100644

@@ -1,267 +0,0 @@

-From 6210be8ad27fcc388eeb4f38526e517ff17e42a0 Mon Sep 17 00:00:00 2001

-From: Keerthana K <keerthanak@vmware.com>

-Date: Mon, 11 Jan 2021 16:46:43 +0000

-Subject: [PATCH 1/2] FIPS canister binary usage

-

-Build with fips canister and skip building crypto algorithms.

-Invoke fips canister integrity check during kernel startup.

-

-This patch can be used at two stages:

- 1. Prerequisite patch for canister creation.

- 2. Binary canister usage time.

-

-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>

-Signed-off-by: Keerthana K <keerthanak@vmware.com>

-Signed-off-by: Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com>

- arch/x86/crypto/Makefile |  4 --

- crypto/Makefile          | 88 ++++++++++++++++++++++++++++++++--------

- init/main.c              |  3 ++

- lib/crypto/Makefile      | 12 ------

- 4 files changed, 74 insertions(+), 33 deletions(-)

-

-diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile

-index 3b1d701a4..3836c4e30 100644

-+++ b/arch/x86/crypto/Makefile

-@@ -46,10 +46,6 @@ obj-$(CONFIG_CRYPTO_CHACHA20_X86_64) += chacha-x86_64.o

- chacha-x86_64-y := chacha-avx2-x86_64.o chacha-ssse3-x86_64.o chacha_glue.o

- chacha-x86_64-$(CONFIG_AS_AVX512) += chacha-avx512vl-x86_64.o

- 

--obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o

--aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o

--aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o aes_ctrby8_avx-x86_64.o

--

- obj-$(CONFIG_CRYPTO_SHA1_SSSE3) += sha1-ssse3.o

- sha1-ssse3-y := sha1_avx2_x86_64_asm.o sha1_ssse3_asm.o sha1_ssse3_glue.o

- sha1-ssse3-$(CONFIG_AS_SHA1_NI) += sha1_ni_asm.o

-diff --git a/crypto/Makefile b/crypto/Makefile

-index d7fcab76d..7289ccb84 100644

-+++ b/crypto/Makefile

-@@ -40,7 +40,6 @@ rsa_generic-y += rsaprivkey.asn1.o

- rsa_generic-y += rsa.o

- rsa_generic-y += rsa_helper.o

- rsa_generic-y += rsa-pkcs1pad.o

--obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o

- 

- $(obj)/sm2signature.asn1.o: $(obj)/sm2signature.asn1.c $(obj)/sm2signature.asn1.h

- $(obj)/sm2.o: $(obj)/sm2signature.asn1.h

-@@ -49,7 +48,6 @@ sm2_generic-y += sm2signature.asn1.o

- sm2_generic-y += sm2.o

- 

- obj-$(CONFIG_CRYPTO_SM2) += sm2_generic.o

--obj-$(CONFIG_CRYPTO_SELF_TEST) += crypto_self_test.o

- 

- $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature.asn1.h

- $(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h

-@@ -63,21 +61,16 @@ obj-$(CONFIG_CRYPTO_ACOMP2) += crypto_acompress.o

- 

- cryptomgr-y := algboss.o testmgr.o

- 

--obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o

- obj-$(CONFIG_CRYPTO_USER) += crypto_user.o

- crypto_user-y := crypto_user_base.o

- crypto_user-$(CONFIG_CRYPTO_STATS) += crypto_user_stat.o

- obj-$(CONFIG_CRYPTO_CMAC) += cmac.o

--obj-$(CONFIG_CRYPTO_HMAC) += hmac.o

- obj-$(CONFIG_CRYPTO_VMAC) += vmac.o

- obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o

- obj-$(CONFIG_CRYPTO_NULL2) += crypto_null.o

- obj-$(CONFIG_CRYPTO_MD4) += md4.o

- obj-$(CONFIG_CRYPTO_MD5) += md5.o

- obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o

--obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o

--obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o

--obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o

- obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o

- obj-$(CONFIG_CRYPTO_SM3) += sm3.o

- obj-$(CONFIG_CRYPTO_SM3_GENERIC) += sm3_generic.o

-@@ -87,14 +80,10 @@ CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns)  # https://gcc.gnu.org/b

- obj-$(CONFIG_CRYPTO_BLAKE2B) += blake2b_generic.o

- CFLAGS_blake2b_generic.o := -Wframe-larger-than=4096 #  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930

- obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o

--obj-$(CONFIG_CRYPTO_ECB) += ecb.o

--obj-$(CONFIG_CRYPTO_CBC) += cbc.o

- obj-$(CONFIG_CRYPTO_CFB) += cfb.o

- obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o

- obj-$(CONFIG_CRYPTO_CTS) += cts.o

- obj-$(CONFIG_CRYPTO_LRW) += lrw.o

--obj-$(CONFIG_CRYPTO_XTS) += xts.o

--obj-$(CONFIG_CRYPTO_CTR) += ctr.o

- obj-$(CONFIG_CRYPTO_XCTR) += xctr.o

- obj-$(CONFIG_CRYPTO_HCTR2) += hctr2.o

- obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o

-@@ -128,7 +117,6 @@ CFLAGS_aegis128-neon-inner.o += -isystem $(shell $(CC) -print-file-name=include)

- 

- obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o

- obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o

--obj-$(CONFIG_CRYPTO_DES) += des_generic.o

- obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o

- obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish_generic.o

- obj-$(CONFIG_CRYPTO_BLOWFISH_COMMON) += blowfish_common.o

-@@ -136,7 +124,6 @@ obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o

- obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o

- obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o

- CFLAGS_serpent_generic.o := $(call cc-option,-fsched-pressure)  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149

--obj-$(CONFIG_CRYPTO_AES) += aes_generic.o

- CFLAGS_aes_generic.o := $(call cc-option,-fno-code-hoisting) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356

- obj-$(CONFIG_CRYPTO_SM4) += sm4.o

- obj-$(CONFIG_CRYPTO_SM4_GENERIC) += sm4_generic.o

-@@ -167,8 +154,6 @@ obj-$(CONFIG_CRYPTO_XXHASH) += xxhash_generic.o

- obj-$(CONFIG_CRYPTO_842) += 842.o

- obj-$(CONFIG_CRYPTO_RNG2) += rng.o

- obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o

--obj-$(CONFIG_CRYPTO_DRBG) += drbg.o

--obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy_rng.o

- CFLAGS_jitterentropy.o = -O0

- KASAN_SANITIZE_jitterentropy.o = n

- UBSAN_SANITIZE_jitterentropy.o = n

-@@ -183,13 +168,11 @@ obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o

- obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o

- obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o

- obj-$(CONFIG_CRYPTO_OFB) += ofb.o

--obj-$(CONFIG_CRYPTO_ECC) += ecc.o

- obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o

- obj-$(CONFIG_CRYPTO_CURVE25519) += curve25519-generic.o

- 

- ecdh_generic-y += ecdh.o

- ecdh_generic-y += ecdh_helper.o

--obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o

- 

- $(obj)/ecrdsa_params.asn1.o: $(obj)/ecrdsa_params.asn1.c $(obj)/ecrdsa_params.asn1.h

- $(obj)/ecrdsa_pub_key.asn1.o: $(obj)/ecrdsa_pub_key.asn1.c $(obj)/ecrdsa_pub_key.asn1.h

-@@ -213,3 +196,74 @@ obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o

- # Key derivation function

- #

- obj-$(CONFIG_CRYPTO_KDF800108_CTR) += kdf_sp800108.o

-+

-+obj-$(CONFIG_CRYPTO_FIPS) += fips_canister_wrapper.o fips_canister.o

-+

-+ifdef CONFIG_CRYPTO_FIPS

-+ifneq ($(CONFIG_CRYPTO_FIPS),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_FIPS=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_AEAD)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_AEAD=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_RSA)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_RSA=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_MANAGER)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_MANAGER=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_MANAGER2)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_MANAGER2=y)

-+endif

-+ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS

-+  $(error FIPS canister requires CONFIG_CRYPTO_MANAGER_DISABLE_TESTS to be unset)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_HMAC)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_HMAC=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_SHA256)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_SHA256=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_SHA512)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_SHA512=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_AES)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_AES=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_DES)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_DES=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_ECB)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_ECB=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_CBC)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_CBC=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_XTS)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_XTS=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_CTR)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_CTR=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_DRBG)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_DRBG=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_DRBG_HASH)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_DRBG_HASH=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_DRBG_CTR)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_DRBG_CTR=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_JITTERENTROPY)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_JITTERENTROPY=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_ECC)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_ECC=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_ECDH)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_ECDH=y)

-+endif

-+ifneq ($(subst Y,y,$(CONFIG_CRYPTO_AES_NI_INTEL)),y)

-+  $(error FIPS canister requires CONFIG_CRYPTO_AES_NI_INTEL=y)

-+endif

-+endif

-diff --git a/init/main.c b/init/main.c

-index aa21add5f..4db7e4edd 100644

-+++ b/init/main.c

-@@ -885,6 +885,8 @@ static int __init early_randomize_kstack_offset(char *buf)

- early_param("randomize_kstack_offset", early_randomize_kstack_offset);

- #endif

- 

-+extern int fips_integrity_init(void);

-+

- void __init __weak arch_call_rest_init(void)

- {

- 	rest_init();

-@@ -986,6 +988,7 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)

- 	/* Architectural and non-timekeeping rng init, before allocator init */

- 	random_init_early(command_line);

- 

-+	fips_integrity_init();

- 	/*

- 	 * These use large bootmem allocations and must precede

- 	 * kmem_cache_init()

-diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile

-index c852f067a..84ec57dba 100644

-+++ b/lib/crypto/Makefile

-@@ -7,9 +7,6 @@ libcryptoutils-y				:= memneq.o utils.o

- obj-y						+= chacha.o

- obj-$(CONFIG_CRYPTO_LIB_CHACHA_GENERIC)		+= libchacha.o

- 

--obj-$(CONFIG_CRYPTO_LIB_AES)			+= libaes.o

--libaes-y					:= aes.o

--

- obj-$(CONFIG_CRYPTO_LIB_ARC4)			+= libarc4.o

- libarc4-y					:= arc4.o

- 

-@@ -29,20 +26,11 @@ libcurve25519-generic-y				+= curve25519-generic.o

- obj-$(CONFIG_CRYPTO_LIB_CURVE25519)		+= libcurve25519.o

- libcurve25519-y					+= curve25519.o

- 

--obj-$(CONFIG_CRYPTO_LIB_DES)			+= libdes.o

--libdes-y					:= des.o

--

- obj-$(CONFIG_CRYPTO_LIB_POLY1305_GENERIC)	+= libpoly1305.o

- libpoly1305-y					:= poly1305-donna32.o

- libpoly1305-$(CONFIG_ARCH_SUPPORTS_INT128)	:= poly1305-donna64.o

- libpoly1305-y					+= poly1305.o

- 

--obj-$(CONFIG_CRYPTO_LIB_SHA1)			+= libsha1.o

--libsha1-y					:= sha1.o

--

--obj-$(CONFIG_CRYPTO_LIB_SHA256)			+= libsha256.o

--libsha256-y					:= sha256.o

--

- ifneq ($(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS),y)

- libblake2s-y					+= blake2s-selftest.o

- libchacha20poly1305-y				+= chacha20poly1305-selftest.o

-2.39.1

-

@@ -23,7 +23,7 @@

 Summary:        Kernel

 Name:           linux-esx

 Version:        6.1.10

-Release:        5%{?kat_build:.kat}%{?dist}

+Release:        6%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org

 Group:          System Environment/Kernel

@@ -60,9 +60,9 @@ Source8:       https://sourceforge.net/projects/e1000/files/ice%20stable/%{ice_v

 %if 0%{?fips}

 Source9:        check_fips_canister_struct_compatibility.inc

-%define fips_canister_version 5.0.0-6.1.10-5%{?dist}-secure

+%define fips_canister_version 5.0.0-6.1.10-8%{?dist}-secure

 Source16:       fips-canister-%{fips_canister_version}.tar.bz2

-%define sha512 fips-canister=3321bf7e690f9ea5d2baaa9d04b6950d80a7af71fb230bd2f687f73f6630b606522bddb56bd75e8596e6ea5faada804855a93218a67b9828d7c842028f33c13d

+%define sha512 fips-canister=b9d60d93fb86a4ff1cc39d5e3458438ce96b2e18f5773c308b6ea5b02431e5dd9fdd22babb2e2d3860a59af65092b8918e7bd23423645b3c1be7f1c9cf019e23

 Source18:       speedup-algos-registration-in-non-fips-mode.patch

 %endif

@@ -177,7 +177,7 @@ Patch506: 0001-fips-Continue-to-export-shash_no_setkey.patch

 %if 0%{?fips}

 # FIPS canister usage patch

-Patch508: 6.1-0001-FIPS-canister-binary-usage.patch

+Patch508: 6.1.10-8-0001-FIPS-canister-binary-usage.patch

 Patch509: 0001-scripts-kallsyms-Extra-kallsyms-parsing.patch

 Patch510: FIPS-do-not-allow-not-certified-algos-in-fips-2.patch

 %else

@@ -502,6 +502,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %{_usrsrc}/linux-headers-%{uname_r}

 %changelog

+* Sun Mar 26 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.10-6

+- Use canister version 5.0.0-6.1.10-8

 * Tue Mar 21 2023 Shreenidhi Shedi <sshedi@vmware.com> 6.1.10-5

 - Fix initramfs trigger

 * Thu Mar 16 2023 Keerthana K <keerthanak@vmware.com> 6.1.10-4

@@ -16,7 +16,7 @@

 Summary:        Kernel

 Name:           linux-rt

 Version:        6.1.10

-Release:        5%{?kat_build:.kat}%{?dist}

+Release:        6%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org

 Group:          System Environment/Kernel

@@ -57,9 +57,9 @@ Source8:       https://sourceforge.net/projects/e1000/files/ice%20stable/%{ice_v

 %if 0%{?fips}

 Source9:        check_fips_canister_struct_compatibility.inc

-%define fips_canister_version 5.0.0-6.1.10-5%{?dist}-secure

+%define fips_canister_version 5.0.0-6.1.10-8%{?dist}-secure

 Source16:       fips-canister-%{fips_canister_version}.tar.bz2

-%define sha512 fips-canister=3321bf7e690f9ea5d2baaa9d04b6950d80a7af71fb230bd2f687f73f6630b606522bddb56bd75e8596e6ea5faada804855a93218a67b9828d7c842028f33c13d

+%define sha512 fips-canister=b9d60d93fb86a4ff1cc39d5e3458438ce96b2e18f5773c308b6ea5b02431e5dd9fdd22babb2e2d3860a59af65092b8918e7bd23423645b3c1be7f1c9cf019e23

 %endif

 Source18:        modify_kernel_configs.inc

@@ -195,7 +195,7 @@ Patch1006: 0001-fips-Continue-to-export-shash_no_setkey.patch

 %if 0%{?fips}

 # FIPS canister usage patch

-Patch1008: 6.1-0001-FIPS-canister-binary-usage.patch

+Patch1008: 6.1.10-8-0001-FIPS-canister-binary-usage.patch

 Patch1009: 0001-scripts-kallsyms-Extra-kallsyms-parsing.patch

 Patch1010: FIPS-do-not-allow-not-certified-algos-in-fips-2.patch

 %endif

@@ -507,6 +507,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %{_usrsrc}/linux-headers-%{uname_r}

 %changelog

+* Sun Mar 26 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.10-6

+- Use canister version 5.0.0-6.1.10-8

 * Tue Mar 21 2023 Shreenidhi Shedi <sshedi@vmware.com> 6.1.10-5

 - Fix initramfs trigger

 * Thu Mar 16 2023 Keerthana K <keerthanak@vmware.com> 6.1.10-4

@@ -16,7 +16,7 @@

 Summary:        Kernel

 Name:           linux-secure

 Version:        6.1.10

-Release:        8%{?kat_build:.kat}%{?dist}

+Release:        9%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org

 Group:          System Environment/Kernel

@@ -37,9 +37,9 @@ Source4:        check_for_config_applicability.inc

 %if 0%{?fips}

 Source9:        check_fips_canister_struct_compatibility.inc

-%define fips_canister_version 5.0.0-6.1.10-5%{dist}-secure

+%define fips_canister_version 5.0.0-6.1.10-8%{dist}-secure

 Source16:       fips-canister-%{fips_canister_version}.tar.bz2

-%define sha512 fips-canister=3321bf7e690f9ea5d2baaa9d04b6950d80a7af71fb230bd2f687f73f6630b606522bddb56bd75e8596e6ea5faada804855a93218a67b9828d7c842028f33c13d

+%define sha512 fips-canister=b9d60d93fb86a4ff1cc39d5e3458438ce96b2e18f5773c308b6ea5b02431e5dd9fdd22babb2e2d3860a59af65092b8918e7bd23423645b3c1be7f1c9cf019e23

 %endif

 %if 0%{?canister_build}

@@ -109,7 +109,7 @@ Patch506: 0001-fips-Continue-to-export-shash_no_setkey.patch

 %if 0%{?fips}

 # FIPS canister usage patch

-Patch508: 6.1-0001-FIPS-canister-binary-usage.patch

+Patch508: 6.1.10-8-0001-FIPS-canister-binary-usage.patch

 Patch509: 0001-scripts-kallsyms-Extra-kallsyms-parsing.patch

 Patch510: FIPS-do-not-allow-not-certified-algos-in-fips-2.patch

 %endif

@@ -376,6 +376,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+* Sun Mar 26 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.10-9

+- Use canister version 5.0.0-6.1.10-8

 * Thu Mar 23 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.10-8

 - Add new algorithms to canister.

 - cfb, cmac, cts, ecdsa, ccm, gcm

@@ -23,7 +23,7 @@

 Summary:        Kernel

 Name:           linux

 Version:        6.1.10

-Release:        7%{?kat_build:.kat}%{?dist}

+Release:        8%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

@@ -66,9 +66,9 @@ Source13:       https://sourceforge.net/projects/e1000/files/ice%20stable/%{ice_

 %if 0%{?fips}

 Source9:        check_fips_canister_struct_compatibility.inc

-%define fips_canister_version 5.0.0-6.1.10-5%{?dist}-secure

+%define fips_canister_version 5.0.0-6.1.10-8%{?dist}-secure

 Source16:       fips-canister-%{fips_canister_version}.tar.bz2

-%define sha512 fips-canister=3321bf7e690f9ea5d2baaa9d04b6950d80a7af71fb230bd2f687f73f6630b606522bddb56bd75e8596e6ea5faada804855a93218a67b9828d7c842028f33c13d

+%define sha512 fips-canister=b9d60d93fb86a4ff1cc39d5e3458438ce96b2e18f5773c308b6ea5b02431e5dd9fdd22babb2e2d3860a59af65092b8918e7bd23423645b3c1be7f1c9cf019e23

 %endif

 Source18:       spec_install_post.inc

@@ -187,7 +187,7 @@ Patch506: 0001-fips-Continue-to-export-shash_no_setkey.patch

 %if 0%{?fips}

 # FIPS canister usage patch

-Patch508: 6.1-0001-FIPS-canister-binary-usage.patch

+Patch508: 6.1.10-8-0001-FIPS-canister-binary-usage.patch

 Patch509: 0001-scripts-kallsyms-Extra-kallsyms-parsing.patch

 Patch510: FIPS-do-not-allow-not-certified-algos-in-fips-2.patch

 %else

@@ -706,6 +706,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %{_datadir}/bash-completion/completions/bpftool

 %changelog

+* Sun Mar 26 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.10-8

+- Use canister version 5.0.0-6.1.10-8

 * Tue Mar 21 2023 Shreenidhi Shedi <sshedi@vmware.com> 6.1.10-7

 - Fix initramfs trigger

 * Thu Mar 16 2023 Keerthana K <keerthanak@vmware.com> 6.1.10-6