@@ -66,6 +66,7 @@

 #include <crypto/sha1_base.h>

 #include <crypto/sha512_base.h>

 #include <crypto/sha3.h>

+#include <crypto/internal/geniv.h>

 static __ro_after_init bool alg_request_report = false;

@@ -611,4 +612,7 @@ EXPORT_SYMBOL(sha256);

 EXPORT_SYMBOL(crypto_sha3_init);

 EXPORT_SYMBOL(crypto_sha3_update);

 EXPORT_SYMBOL(crypto_sha3_final);

+EXPORT_SYMBOL_GPL(aead_geniv_alloc);

+EXPORT_SYMBOL_GPL(aead_init_geniv);

+EXPORT_SYMBOL_GPL(aead_exit_geniv);

 /* End of Exports */

@@ -23,7 +23,7 @@ Signed-off-by: Keerthana K <keerthanak@vmware.com>

 Signed-off-by: Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com>

 ---

  arch/x86/crypto/aesni-intel_glue.c |  73 ++++++++++---------

- crypto/Makefile                    |  84 ++++++++++++++++++++++

+ crypto/Makefile                    |  86 +++++++++++++++++++++++

  crypto/algboss.c                   |   5 +-

  crypto/ccm.c                       |   7 +-

  crypto/cmac.c                      |   3 +-

@@ -36,10 +36,11 @@ Signed-off-by: Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com>

  crypto/gcm.c                       |  11 +--

  crypto/hmac.c                      |   3 +-

  crypto/rsa-pkcs1pad.c              |  13 ++--

+ crypto/sha3_generic.c              |   5 +-

  crypto/testmgr.c                   | 108 ++++++++++++++++-------------

  crypto/xts.c                       |   3 +-

  include/crypto/drbg.h              |   3 +-

- 17 files changed, 252 insertions(+), 130 deletions(-)

+ 18 files changed, 257 insertions(+), 132 deletions(-)

 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c

 index a5b0cb3ef..10420b2aa 100644

@@ -321,10 +322,21 @@ index a5b0cb3ef..10420b2aa 100644

  		err = skcipher_walk_done(&walk, 0);

  	}

 diff --git a/crypto/Makefile b/crypto/Makefile

-index 1c6775c9a..7f7957e8f 100644

+index 19bf4080d..d3df694c0 100644

 --- a/crypto/Makefile

 +++ b/crypto/Makefile

-@@ -44,6 +44,7 @@ rsa_generic-y += rsaprivkey.asn1.o

+@@ -18,8 +18,10 @@ crypto_algapi-y := algapi.o scatterwalk.o $(crypto_algapi-y)

+ obj-$(CONFIG_CRYPTO_ALGAPI2) += crypto_algapi.o

+ 

+ obj-$(CONFIG_CRYPTO_AEAD2) += aead.o

++canister += geniv.o

+ 

+ obj-$(CONFIG_CRYPTO_SKCIPHER2) += skcipher.o

++canister += seqiv.o

+ obj-$(CONFIG_CRYPTO_ECHAINIV) += echainiv.o

+ 

+ crypto_hash-y += ahash.o

+@@ -42,6 +44,7 @@ rsa_generic-y += rsaprivkey.asn1.o

  rsa_generic-y += rsa.o

  rsa_generic-y += rsa_helper.o

  rsa_generic-y += rsa-pkcs1pad.o

@@ -332,7 +344,7 @@ index 1c6775c9a..7f7957e8f 100644

  $(obj)/sm2signature.asn1.o: $(obj)/sm2signature.asn1.c $(obj)/sm2signature.asn1.h

  $(obj)/sm2.o: $(obj)/sm2signature.asn1.h

-@@ -57,22 +58,30 @@ $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature

+@@ -55,22 +58,30 @@ $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature

  $(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h

  ecdsa_generic-y += ecdsa.o

  ecdsa_generic-y += ecdsasignature.asn1.o

@@ -363,7 +375,7 @@ index 1c6775c9a..7f7957e8f 100644

  obj-$(CONFIG_CRYPTO_SM3) += sm3.o

  obj-$(CONFIG_CRYPTO_SM3_GENERIC) += sm3_generic.o

  obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o

-@@ -81,13 +90,21 @@ CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns)  # https://gcc.gnu.org/b

+@@ -79,13 +90,21 @@ CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns)  # https://gcc.gnu.org/b

  obj-$(CONFIG_CRYPTO_BLAKE2B) += blake2b_generic.o

  CFLAGS_blake2b_generic.o := -Wframe-larger-than=4096 #  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930

  obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o

@@ -385,7 +397,7 @@ index 1c6775c9a..7f7957e8f 100644

  obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o

  obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o

  aegis128-y := aegis128-core.o

-@@ -122,6 +139,7 @@ obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o

+@@ -120,6 +139,7 @@ obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o

  obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o

  obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o

  CFLAGS_serpent_generic.o := $(call cc-option,-fsched-pressure)  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149

@@ -393,7 +405,7 @@ index 1c6775c9a..7f7957e8f 100644

  CFLAGS_aes_generic.o := $(call cc-option,-fno-code-hoisting) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356

  obj-$(CONFIG_CRYPTO_SM4) += sm4.o

  obj-$(CONFIG_CRYPTO_SM4_GENERIC) += sm4_generic.o

-@@ -165,11 +183,14 @@ obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o

+@@ -163,11 +183,14 @@ obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o

  obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o

  obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o

  obj-$(CONFIG_CRYPTO_OFB) += ofb.o

@@ -408,7 +420,7 @@ index 1c6775c9a..7f7957e8f 100644

  $(obj)/ecrdsa_params.asn1.o: $(obj)/ecrdsa_params.asn1.c $(obj)/ecrdsa_params.asn1.h

  $(obj)/ecrdsa_pub_key.asn1.o: $(obj)/ecrdsa_pub_key.asn1.c $(obj)/ecrdsa_pub_key.asn1.h

-@@ -193,6 +214,69 @@ obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o

+@@ -191,6 +214,69 @@ obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o

  # Key derivation function

  #

  obj-$(CONFIG_CRYPTO_KDF800108_CTR) += kdf_sp800108.o

@@ -1005,9 +1017,39 @@ index 1cf267bc6..e3a77b398 100644

 +	inst = fcw_kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);

  	if (!inst)

  		return -ENOMEM;

+

+diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c

+index 3e4069935..7d107460b 100644

+--- a/crypto/sha3_generic.c

+@@ -14,6 +14,7 @@

+ #include <linux/types.h>

+ #include <crypto/sha3.h>

+ #include <asm/unaligned.h>

++#include "fips_canister_wrapper.h"

+ /*

+  * On some 32-bit architectures (h8300), GCC ends up using

+@@ -185,7 +186,7 @@ int crypto_sha3_update(struct shash_desc *desc, const u8 *data,

+ 	if ((sctx->partial + len) > (sctx->rsiz - 1)) {

+ 		if (sctx->partial) {

+ 			done = -sctx->partial;

+-			memcpy(sctx->buf + sctx->partial, data,

++			fcw_memcpy(sctx->buf + sctx->partial, data,

+ 			       done + sctx->rsiz);

+ 			src = sctx->buf;

+ 		}

+@@ -203,7 +204,7 @@ int crypto_sha3_update(struct shash_desc *desc, const u8 *data,

+ 

+ 		sctx->partial = 0;

+ 	}

+-	memcpy(sctx->buf + sctx->partial, src, len - done);

++	fcw_memcpy(sctx->buf + sctx->partial, src, len - done);

+ 	sctx->partial += (len - done);

+ 

+ 	return 0;

 diff --git a/crypto/testmgr.c b/crypto/testmgr.c

-index 5e4be63ba..5fb27ae33 100644

+index af31ff549..322f40897 100644

 --- a/crypto/testmgr.c

 +++ b/crypto/testmgr.c

 @@ -37,6 +37,7 @@

@@ -1339,7 +1381,7 @@ index 5e4be63ba..5fb27ae33 100644

  	if (!output_buf) {

  		err = -ENOMEM;

  		goto free_req;

-@@ -4083,13 +4084,13 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4085,13 +4086,13 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  	if (testmgr_alloc_buf(xbuf))

  		return err;

@@ -1355,7 +1397,7 @@ index 5e4be63ba..5fb27ae33 100644

  		      GFP_KERNEL);

  	if (!key)

  		goto free_req;

-@@ -4112,7 +4113,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4114,7 +4115,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  	 */

  	err = -ENOMEM;

  	out_len_max = crypto_akcipher_maxsize(tfm);

@@ -1364,7 +1406,7 @@ index 5e4be63ba..5fb27ae33 100644

  	if (!outbuf_enc)

  		goto free_key;

-@@ -4189,7 +4190,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4191,7 +4192,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  		err = 0;

  		goto free_all;

  	}

@@ -1373,7 +1415,7 @@ index 5e4be63ba..5fb27ae33 100644

  	if (!outbuf_dec) {

  		err = -ENOMEM;

  		goto free_all;

-@@ -5885,13 +5886,22 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

+@@ -5906,13 +5907,22 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

  	int i;

  	int j;

  	int rc;

@@ -1398,7 +1440,7 @@ index 5e4be63ba..5fb27ae33 100644

  	if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {

  		char nalg[CRYPTO_MAX_ALG_NAME];

 diff --git a/crypto/xts.c b/crypto/xts.c

-index de6cbcf69..f548992c2 100644

+index b05020657..7c926f7bb 100644

 --- a/crypto/xts.c

 +++ b/crypto/xts.c

 @@ -20,6 +20,7 @@

@@ -23,12 +23,12 @@ Signed-off-by: Srish Srinivasan <ssrish@vmware.com>

  crypto/gcm.c                       |  26 +++----

  crypto/hmac.c                      |   4 +-

  crypto/rsa-pkcs1pad.c              |   6 +-

+ crypto/seqiv.c                     |   3 +-

  crypto/sha1_generic.c              |   5 +-

  crypto/sha512_generic.c            |   5 +-

  crypto/testmgr.c                   | 110 ++++++++++++++---------------

- crypto/xts.c                       |   2 +-

  lib/crypto/sha256.c                |  10 +++

- 22 files changed, 176 insertions(+), 161 deletions(-)

+ 22 files changed, 177 insertions(+), 161 deletions(-)

 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c

 index 0628c2bca..6a4378bac 100644

@@ -867,7 +867,7 @@ index 7c289df3b..b3e099505 100644

  	for (i = 0; i < bs; i++) {

  		ipad[i] ^= HMAC_IPAD_VALUE;

 diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c

-index 1c9d29552..ab144392a 100644

+index e3a77b398..f8983636f 100644

 --- a/crypto/rsa-pkcs1pad.c

 +++ b/crypto/rsa-pkcs1pad.c

 @@ -166,7 +166,7 @@ static void pkcs1pad_sg_set_buf(struct scatterlist *sg, void *buf, size_t len,

@@ -897,6 +897,27 @@ index 1c9d29552..ab144392a 100644

  	    !ctx->key_size || sig_size != ctx->key_size)

  		return -EINVAL;

+diff --git a/crypto/seqiv.c b/crypto/seqiv.c

+index b1bcfe537..c593c2947 100644

+--- a/crypto/seqiv.c

+@@ -17,6 +17,7 @@

+ #include <linux/module.h>

+ #include <linux/slab.h>

+ #include <linux/string.h>

++#include "fips_canister_wrapper.h"

+ 

+ static void seqiv_aead_encrypt_complete2(struct aead_request *req, int err)

+ {

+@@ -30,7 +31,7 @@ static void seqiv_aead_encrypt_complete2(struct aead_request *req, int err)

+ 		goto out;

+ 

+ 	geniv = crypto_aead_reqtfm(req);

+-	memcpy(req->iv, subreq->iv, crypto_aead_ivsize(geniv));

++	fcw_memcpy(req->iv, subreq->iv, crypto_aead_ivsize(geniv));

+ 

+ out:

+ 	kfree_sensitive(subreq->iv);

 diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c

 index 325b57fe2..193345133 100644

 --- a/crypto/sha1_generic.c

@@ -958,7 +979,7 @@ index be70e76d6..07e27910c 100644

  }

  EXPORT_SYMBOL(crypto_sha512_finup);

 diff --git a/crypto/testmgr.c b/crypto/testmgr.c

-index 783c006d0..7899ab3cd 100644

+index 322f40897..22f4ec725 100644

 --- a/crypto/testmgr.c

 +++ b/crypto/testmgr.c

 @@ -587,7 +587,7 @@ static int build_test_sglist(struct test_sglist *tsgl,

@@ -1191,7 +1212,7 @@ index 783c006d0..7899ab3cd 100644

  		       template[i].dt, template[i].dtlen);

  		err = crypto_rng_reset(tfm, seed, seedsize);

-@@ -3929,14 +3929,14 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

+@@ -3930,14 +3930,14 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

  	if (vec->genkey) {

  		/* Save party A's public key */

@@ -1208,7 +1229,7 @@ index 783c006d0..7899ab3cd 100644

  			   vec->expected_a_public_size)) {

  			pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",

  			       alg);

-@@ -3967,7 +3967,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

+@@ -3969,7 +3969,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

  	if (vec->genkey) {

  		/* Save the shared secret obtained by party A */

@@ -1217,7 +1238,7 @@ index 783c006d0..7899ab3cd 100644

  		if (!a_ss) {

  			err = -ENOMEM;

  			goto free_all;

-@@ -4005,7 +4005,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

+@@ -4007,7 +4007,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

  	 * verify shared secret from which the user will derive

  	 * secret key by executing whatever hash it has chosen

  	 */

@@ -1226,7 +1247,7 @@ index 783c006d0..7899ab3cd 100644

  		   vec->expected_ss_size)) {

  		pr_err("alg: %s: compute shared secret test failed. Invalid output\n",

  		       alg);

-@@ -4061,7 +4061,7 @@ static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,

+@@ -4063,7 +4063,7 @@ static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,

  static u8 *test_pack_u32(u8 *dst, u32 val)

  {

@@ -1235,7 +1256,7 @@ index 783c006d0..7899ab3cd 100644

  	return dst + sizeof(val);

  }

-@@ -4094,11 +4094,11 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4096,11 +4096,11 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  		      GFP_KERNEL);

  	if (!key)

  		goto free_req;

@@ -1249,7 +1270,7 @@ index 783c006d0..7899ab3cd 100644

  	if (vecs->public_key_vec)

  		err = crypto_akcipher_set_pub_key(tfm, key, vecs->key_len);

-@@ -4135,18 +4135,18 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4137,18 +4137,18 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  	}

  	err = -E2BIG;

@@ -1275,7 +1296,7 @@ index 783c006d0..7899ab3cd 100644

  		akcipher_request_set_crypt(req, src_tab, NULL, m_size, c_size);

  	} else {

  		sg_init_one(&dst, outbuf_enc, out_len_max);

-@@ -4203,9 +4203,9 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4205,9 +4205,9 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  	err = -E2BIG;

  	op = vecs->siggen_sigver_test ? "sign" : "decrypt";

@@ -1287,7 +1308,7 @@ index 783c006d0..7899ab3cd 100644

  	sg_init_one(&src, xbuf[0], c_size);

  	sg_init_one(&dst, outbuf_dec, out_len_max);

-@@ -5829,13 +5829,13 @@ static void alg_check_test_descs_order(void)

+@@ -5834,13 +5834,13 @@ static void alg_check_test_descs_order(void)

  		int diff = strcmp(alg_test_descs[i - 1].alg,

  				  alg_test_descs[i].alg);

@@ -1303,7 +1324,7 @@ index 783c006d0..7899ab3cd 100644

  			pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",

  				alg_test_descs[i].alg);

  		}

-@@ -5847,12 +5847,12 @@ static void alg_check_testvec_configs(void)

+@@ -5852,12 +5852,12 @@ static void alg_check_testvec_configs(void)

  	int i;

  	for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)

@@ -1320,7 +1341,7 @@ index 783c006d0..7899ab3cd 100644

  }

  static void testmgr_onetime_init(void)

-@@ -5968,7 +5968,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

+@@ -5973,7 +5973,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

  		}

  		pr_warn("alg: self-tests for %s using %s failed (rc=%d)",

  			alg, driver, rc);

@@ -9,16 +9,17 @@ Signed-off-by: Keerthana K <keerthanak@vmware.com

  crypto/aes_generic.c    |  5 -----

  crypto/ecc.c            | 20 --------------------

  crypto/ecdh_helper.c    |  5 +----

+ crypto/geniv.c          |  3 ---

  crypto/rsa_helper.c     |  2 --

  crypto/sha1_generic.c   |  3 ---

  crypto/sha256_generic.c |  4 ----

- crypto/sha3_generic.c   |  8 +++-----

+ crypto/sha3_generic.c   |  3 ---

  crypto/sha512_generic.c |  4 ----

  crypto/testmgr.c        |  2 --

  lib/crypto/aes.c        |  6 ------

  lib/crypto/sha1.c       |  2 --

  lib/crypto/sha256.c     |  5 -----

- 12 files changed, 4 insertions(+), 62 deletions(-)

+ 13 files changed, 1 insertion(+), 63 deletions(-)

 diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c

 index 27ab27931..f73022bed 100644

@@ -234,6 +235,34 @@ index 5dac6b348..78cd5252f 100644

 -EXPORT_SYMBOL_GPL(crypto_ecdh_decode_key);

 +}

 \ No newline at end of file

+diff --git a/crypto/geniv.c b/crypto/geniv.c

+index bee4621b4..2ac9bc761 100644

+--- a/crypto/geniv.c

+@@ -104,7 +104,6 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl,

+ 	inst = ERR_PTR(err);

+ 	goto out;

+ }

+-EXPORT_SYMBOL_GPL(aead_geniv_alloc);

+ 

+ int aead_init_geniv(struct crypto_aead *aead)

+ {

+@@ -148,7 +147,6 @@ int aead_init_geniv(struct crypto_aead *aead)

+ 	crypto_put_default_null_skcipher();

+ 	goto out;

+ }

+-EXPORT_SYMBOL_GPL(aead_init_geniv);

+ 

+ void aead_exit_geniv(struct crypto_aead *tfm)

+ {

+@@ -157,7 +155,6 @@ void aead_exit_geniv(struct crypto_aead *tfm)

+ 	crypto_free_aead(ctx->child);

+ 	crypto_put_default_null_skcipher();

+ }

+-EXPORT_SYMBOL_GPL(aead_exit_geniv);

+ 

+ MODULE_LICENSE("GPL");

+ MODULE_DESCRIPTION("Shared IV generator code");

 diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c

 index 94266f290..9deb71e13 100644

 --- a/crypto/rsa_helper.c

@@ -319,15 +348,7 @@ diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c

 index 3e4069935..7d107460b 100644

 --- a/crypto/sha3_generic.c

 +++ b/crypto/sha3_generic.c

-@@ -14,6 +14,7 @@

- #include <linux/types.h>

- #include <crypto/sha3.h>

- #include <asm/unaligned.h>

-+#include "fips_canister_wrapper.h"

- 

- /*

-  * On some 32-bit architectures (h8300), GCC ends up using

-@@ -170,7 +171,6 @@ int crypto_sha3_init(struct shash_desc *desc)

+@@ -171,7 +171,6 @@ int crypto_sha3_init(struct shash_desc *desc)

  	memset(sctx->st, 0, sizeof(sctx->st));

  	return 0;

  }

@@ -335,22 +356,7 @@ index 3e4069935..7d107460b 100644

  int crypto_sha3_update(struct shash_desc *desc, const u8 *data,

  		       unsigned int len)

-@@ -185,7 +185,7 @@ int crypto_sha3_update(struct shash_desc *desc, const u8 *data,

- 	if ((sctx->partial + len) > (sctx->rsiz - 1)) {

- 		if (sctx->partial) {

- 			done = -sctx->partial;

--			memcpy(sctx->buf + sctx->partial, data,

-+			fcw_memcpy(sctx->buf + sctx->partial, data,

- 			       done + sctx->rsiz);

- 			src = sctx->buf;

- 		}

-@@ -203,12 +203,11 @@ int crypto_sha3_update(struct shash_desc *desc, const u8 *data,

- 

- 		sctx->partial = 0;

- 	}

--	memcpy(sctx->buf + sctx->partial, src, len - done);

-+	fcw_memcpy(sctx->buf + sctx->partial, src, len - done);

- 	sctx->partial += (len - done);

+@@ -209,7 +208,6 @@ int crypto_sha3_update(struct shash_desc *desc, const u8 *data,

  	return 0;

  }

@@ -358,7 +364,7 @@ index 3e4069935..7d107460b 100644

  int crypto_sha3_final(struct shash_desc *desc, u8 *out)

  {

-@@ -235,7 +234,6 @@ int crypto_sha3_final(struct shash_desc *desc, u8 *out)

+@@ -236,7 +234,6 @@ int crypto_sha3_final(struct shash_desc *desc, u8 *out)

  	memset(sctx, 0, sizeof(*sctx));

  	return 0;

  }

@@ -403,10 +409,10 @@ index 07e27910c..32ff5a0b1 100644

  static struct shash_alg sha512_algs[2] = { {

  	.digestsize	=	SHA512_DIGEST_SIZE,

 diff --git a/crypto/testmgr.c b/crypto/testmgr.c

-index 7899ab3cd..94279afed 100644

+index 22f4ec725..91325e2a8 100644

 --- a/crypto/testmgr.c

 +++ b/crypto/testmgr.c

-@@ -5976,5 +5976,3 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

+@@ -5996,5 +5996,3 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

  }

  #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */

@@ -38,6 +38,7 @@ Signed-off-by: Keerthana K <keerthanak@vmware.com>

  crypto/ecdh.c                      |  10 +-

  crypto/ecdsa.c                     |  16 +-

  crypto/gcm.c                       |  15 +-

+ crypto/geniv.c                     |   2 -

  crypto/hmac.c                      |  11 +-

  crypto/internal.h                  |   7 +-

  crypto/rsa-pkcs1pad.c              |   1 -

@@ -47,7 +48,7 @@ Signed-off-by: Keerthana K <keerthanak@vmware.com>

  crypto/sha256_generic.c            |  15 +-

  crypto/sha3_generic.c              |  19 +-

  crypto/sha512_generic.c            |  15 +-

- crypto/testmgr.c                   | 648 ++++++++---------------------

+ crypto/testmgr.c                   | 652 ++++++++---------------------

  crypto/testmgr.h                   |  23 +-

  crypto/xts.c                       |  13 +-

  include/crypto/algapi.h            |   6 +

@@ -60,7 +61,7 @@ Signed-off-by: Keerthana K <keerthanak@vmware.com>

  include/linux/crypto.h             |   8 +

  include/linux/rtattr.h             |   6 +

  include/linux/swait.h              |   4 +

- 38 files changed, 370 insertions(+), 824 deletions(-)

+ 39 files changed, 372 insertions(+), 828 deletions(-)

  create mode 100644 include/linux/rtattr.h

 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c

@@ -530,7 +531,7 @@ index bd11953dc..466f5e261 100644

 -MODULE_ALIAS_CRYPTO("cmac");

 -MODULE_IMPORT_NS(CRYPTO_INTERNAL);

 diff --git a/crypto/crypto_self_test.c b/crypto/crypto_self_test.c

-index aad09e6a6..79c07c7d6 100644

+index eb4ed8bdb..19ecf60a5 100644

 --- a/crypto/crypto_self_test.c

 +++ b/crypto/crypto_self_test.c

 @@ -5,12 +5,11 @@

@@ -547,7 +548,7 @@ index aad09e6a6..79c07c7d6 100644

  extern int alg_test(const char *driver, const char *alg, u32 type, u32 mask);

-@@ -65,7 +64,7 @@ extern int FIPS_NOT_ALLOWED(char *);

+@@ -97,7 +96,7 @@ extern int FIPS_NOT_ALLOWED(char *);

  #define FIPS_NOT_ALLOWED(algname) 0

  #endif

@@ -556,7 +557,7 @@ index aad09e6a6..79c07c7d6 100644

  {

  	int err = -ENOMEM;

  	int i = 0;

-@@ -78,7 +77,7 @@ static int __init crypto_self_test_init(void)

+@@ -110,7 +109,7 @@ static int __init crypto_self_test_init(void)

  			continue;

  		err = alg_test(alg_self_test_tbl[i].driver_name, alg_self_test_tbl[i].alg_name, 0, 0);

  		if (err) {

@@ -565,7 +566,7 @@ index aad09e6a6..79c07c7d6 100644

  					 alg_self_test_tbl[i].driver_name,

  					 alg_self_test_tbl[i].alg_name);

  			goto error;

-@@ -88,4 +87,3 @@ static int __init crypto_self_test_init(void)

+@@ -120,4 +119,3 @@ static int __init crypto_self_test_init(void)

  error:

  	return err;

  }

@@ -1241,6 +1242,16 @@ index 887033a38..89ea69061 100644

 -MODULE_ALIAS_CRYPTO("rfc4106");

 -MODULE_ALIAS_CRYPTO("rfc4543");

 -MODULE_ALIAS_CRYPTO("gcm");

+diff --git a/crypto/geniv.c b/crypto/geniv.c

+index 2ac9bc761..8064aa6b4 100644

+--- a/crypto/geniv.c

+@@ -156,5 +156,3 @@ void aead_exit_geniv(struct crypto_aead *tfm)

+ 	crypto_put_default_null_skcipher();

+ }

+ 

+-MODULE_LICENSE("GPL");

+-MODULE_DESCRIPTION("Shared IV generator code");

 diff --git a/crypto/hmac.c b/crypto/hmac.c

 index b3e099505..e9116ae4c 100644

 --- a/crypto/hmac.c

@@ -1307,7 +1318,7 @@ index c08385571..edee7e0d5 100644

  static inline int crypto_is_larval(struct crypto_alg *alg)

 diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c

-index cb54c382d..5464d13ad 100644

+index 82e5eb5e2..dbeeb60a7 100644

 --- a/crypto/rsa-pkcs1pad.c

 +++ b/crypto/rsa-pkcs1pad.c

 @@ -12,7 +12,6 @@

@@ -1531,7 +1542,7 @@ index 32ff5a0b1..845c40f7e 100644

 -MODULE_ALIAS_CRYPTO("sha512");

 -MODULE_ALIAS_CRYPTO("sha512-generic");

 diff --git a/crypto/testmgr.c b/crypto/testmgr.c

-index 94279afed..c2e52e4c3 100644

+index 91325e2a8..91afcb502 100644

 --- a/crypto/testmgr.c

 +++ b/crypto/testmgr.c

 @@ -21,7 +21,6 @@

@@ -2975,7 +2986,7 @@ index 94279afed..c2e52e4c3 100644

  	}

  	/* Calculate shared secret key by using counter part (b) public key. */

-@@ -3960,7 +3660,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

+@@ -3962,7 +3662,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

  				 crypto_req_done, &wait);

  	err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);

  	if (err) {

@@ -2984,7 +2995,7 @@ index 94279afed..c2e52e4c3 100644

  		       alg, err);

  		goto free_all;

  	}

-@@ -3991,7 +3691,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

+@@ -3993,7 +3693,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

  		err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),

  				      &wait);

  		if (err) {

@@ -2993,7 +3004,7 @@ index 94279afed..c2e52e4c3 100644

  			       alg, err);

  			goto free_all;

  		}

-@@ -4007,7 +3707,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

+@@ -4009,7 +3709,7 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,

  	 */

  	if (memcmp(shared_secret, fcw_sg_virt(req->dst),

  		   vec->expected_ss_size)) {

@@ -3002,7 +3013,7 @@ index 94279afed..c2e52e4c3 100644

  		       alg);

  		err = -EINVAL;

  	}

-@@ -4031,7 +3731,7 @@ static int test_kpp(struct crypto_kpp *tfm, const char *alg,

+@@ -4033,7 +3733,7 @@ static int test_kpp(struct crypto_kpp *tfm, const char *alg,

  	for (i = 0; i < tcount; i++) {

  		ret = do_test_kpp(tfm, vecs++, alg);

  		if (ret) {

@@ -3011,7 +3022,7 @@ index 94279afed..c2e52e4c3 100644

  			       alg, i + 1, ret);

  			return ret;

  		}

-@@ -4047,7 +3747,7 @@ static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,

+@@ -4049,7 +3749,7 @@ static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,

  	tfm = crypto_alloc_kpp(driver, type, mask);

  	if (IS_ERR(tfm)) {

@@ -3020,7 +3031,7 @@ index 94279afed..c2e52e4c3 100644

  		       driver, PTR_ERR(tfm));

  		return PTR_ERR(tfm);

  	}

-@@ -4162,19 +3862,19 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4164,19 +3864,19 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  			      /* Run asymmetric encrypt */

  			      crypto_akcipher_encrypt(req), &wait);

  	if (err) {

@@ -3043,7 +3054,7 @@ index 94279afed..c2e52e4c3 100644

  			       op);

  			hexdump(outbuf_enc, c_size);

  			err = -EINVAL;

-@@ -4218,12 +3918,12 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4220,12 +3920,12 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  			      /* Run asymmetric decrypt */

  			      crypto_akcipher_decrypt(req), &wait);

  	if (err) {

@@ -3058,7 +3069,7 @@ index 94279afed..c2e52e4c3 100644

  		       op, out_len);

  		err = -EINVAL;

  		goto free_all;

-@@ -4231,7 +3931,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

+@@ -4233,7 +3933,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,

  	/* verify that decrypted message is equal to the original msg */

  	if (memchr_inv(outbuf_dec, 0, out_len - m_size) ||

  	    memcmp(m, outbuf_dec + out_len - m_size, m_size)) {

@@ -3067,7 +3078,7 @@ index 94279afed..c2e52e4c3 100644

  		hexdump(outbuf_dec, out_len);

  		err = -EINVAL;

  	}

-@@ -4260,7 +3960,7 @@ static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,

+@@ -4262,7 +3962,7 @@ static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,

  		if (!ret)

  			continue;

@@ -3076,7 +3087,7 @@ index 94279afed..c2e52e4c3 100644

  		       i + 1, algo, ret);

  		return ret;

  	}

-@@ -4275,7 +3975,7 @@ static int alg_test_akcipher(const struct alg_test_desc *desc,

+@@ -4277,7 +3977,7 @@ static int alg_test_akcipher(const struct alg_test_desc *desc,

  	tfm = crypto_alloc_akcipher(driver, type, mask);

  	if (IS_ERR(tfm)) {

@@ -3085,7 +3096,7 @@ index 94279afed..c2e52e4c3 100644

  		       driver, PTR_ERR(tfm));

  		return PTR_ERR(tfm);

  	}

-@@ -5815,13 +5515,13 @@ static void alg_check_test_descs_order(void)

+@@ -5835,13 +5535,13 @@ static void alg_check_test_descs_order(void)

  				  alg_test_descs[i].alg);

  		if (fcw_warn_on(diff > 0)) {

@@ -3101,7 +3112,7 @@ index 94279afed..c2e52e4c3 100644

  				alg_test_descs[i].alg);

  		}

  	}

-@@ -5846,7 +5546,7 @@ static void testmgr_onetime_init(void)

+@@ -5866,7 +5566,7 @@ static void testmgr_onetime_init(void)

  	alg_check_testvec_configs();

  #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS

@@ -3110,7 +3121,7 @@ index 94279afed..c2e52e4c3 100644

  #endif

  }

-@@ -5877,7 +5577,7 @@ static int alg_find_test(const char *alg)

+@@ -5897,7 +5597,7 @@ static int alg_find_test(const char *alg)

  static int alg_fips_disabled(const char *driver, const char *alg)

  {

@@ -3119,7 +3130,7 @@ index 94279afed..c2e52e4c3 100644

  	return -ECANCELED;

  }

-@@ -5889,11 +5589,6 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

+@@ -5909,11 +5609,6 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

  	int rc;

  	static bool done = false;

@@ -3131,7 +3142,7 @@ index 94279afed..c2e52e4c3 100644

  	/* Replace DO_ONCE by this. As DO_ONCE generates jump labels entry

  	 * and its data (__once_key) get changed at early boot time at

  	 * jump_label_init() from setup_arch(). We cannot run

-@@ -5945,27 +5640,26 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

+@@ -5965,27 +5660,26 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)

  test_done:

  	if (rc) {

@@ -3166,7 +3177,7 @@ index 94279afed..c2e52e4c3 100644

  	if (type & CRYPTO_ALG_FIPS_INTERNAL)

  		return alg_fips_disabled(driver, alg);

 diff --git a/crypto/testmgr.h b/crypto/testmgr.h

-index b23d8f1d9..4b4d56963 100644

+index 0ec3d5863..0d71f0b65 100644

 --- a/crypto/testmgr.h

 +++ b/crypto/testmgr.h

 @@ -20,32 +20,11 @@

@@ -3204,7 +3215,7 @@ index b23d8f1d9..4b4d56963 100644

   * cipher_testvec:	structure to describe a symmetric cipher test

   * @key:	Pointer to key

 diff --git a/crypto/xts.c b/crypto/xts.c

-index 12edd6525..25116457f 100644

+index 7c926f7bb..ce5425371 100644

 --- a/crypto/xts.c

 +++ b/crypto/xts.c

 @@ -13,7 +13,6 @@

@@ -3240,10 +3251,10 @@ index 12edd6525..25116457f 100644

 -MODULE_IMPORT_NS(CRYPTO_INTERNAL);

 -MODULE_SOFTDEP("pre: ecb");

 diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h

-index 224b86064..446cd7bf1 100644

+index 939a3196b..1b8b7358d 100644

 --- a/include/crypto/algapi.h

 +++ b/include/crypto/algapi.h

-@@ -27,7 +27,9 @@

+@@ -28,7 +28,9 @@

  struct crypto_aead;

  struct crypto_instance;

@@ -3253,7 +3264,7 @@ index 224b86064..446cd7bf1 100644

  struct notifier_block;

  struct rtattr;

  struct seq_file;

-@@ -66,7 +68,11 @@ struct crypto_instance {

+@@ -69,7 +71,11 @@ struct crypto_instance {

  struct crypto_template {

  	struct list_head list;

  	struct hlist_head instances;

new file mode 100644

@@ -0,0 +1,295 @@

+From a31ce76f47615c99cc429e8ca0c615401a6f0b0e Mon Sep 17 00:00:00 2001

+From: Keerthana K <keerthanak@vmware.com>

+Date: Wed, 20 Sep 2023 07:38:08 +0000

+Subject: [PATCH] FIPS canister binary usage

+

+Build with fips canister and skip building crypto algorithms.

+Invoke fips canister integrity check during kernel startup.

+

+This patch can be used at two stages:

+ 1. Prerequisite patch for canister creation.

+ 2. Binary canister usage time.

+

+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>

+Signed-off-by: Keerthana K <keerthanak@vmware.com>

+Signed-off-by: Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com>

+---

+ arch/x86/crypto/Makefile |   4 --

+ crypto/Makefile          | 116 +++++++++++++++++++++++++++++++--------

+ init/main.c              |   3 +

+ lib/crypto/Makefile      |   9 ---

+ 4 files changed, 95 insertions(+), 37 deletions(-)

+

+diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile

+index 3b1d701a4..3836c4e30 100644

+--- a/arch/x86/crypto/Makefile

+@@ -46,10 +46,6 @@ obj-$(CONFIG_CRYPTO_CHACHA20_X86_64) += chacha-x86_64.o

+ chacha-x86_64-y := chacha-avx2-x86_64.o chacha-ssse3-x86_64.o chacha_glue.o

+ chacha-x86_64-$(CONFIG_AS_AVX512) += chacha-avx512vl-x86_64.o

+ 

+-obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o

+-aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o

+-aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o aes_ctrby8_avx-x86_64.o

+-

+ obj-$(CONFIG_CRYPTO_SHA1_SSSE3) += sha1-ssse3.o

+ sha1-ssse3-y := sha1_avx2_x86_64_asm.o sha1_ssse3_asm.o sha1_ssse3_glue.o

+ sha1-ssse3-$(CONFIG_AS_SHA1_NI) += sha1_ni_asm.o

+diff --git a/crypto/Makefile b/crypto/Makefile

+index 515ca3a4c..19bf4080d 100644

+--- a/crypto/Makefile

+@@ -18,10 +18,8 @@ crypto_algapi-y := algapi.o scatterwalk.o $(crypto_algapi-y)

+ obj-$(CONFIG_CRYPTO_ALGAPI2) += crypto_algapi.o

+ 

+ obj-$(CONFIG_CRYPTO_AEAD2) += aead.o

+-obj-$(CONFIG_CRYPTO_AEAD2) += geniv.o

+ 

+ obj-$(CONFIG_CRYPTO_SKCIPHER2) += skcipher.o

+-obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o

+ obj-$(CONFIG_CRYPTO_ECHAINIV) += echainiv.o

+ 

+ crypto_hash-y += ahash.o

+@@ -44,7 +42,6 @@ rsa_generic-y += rsaprivkey.asn1.o

+ rsa_generic-y += rsa.o

+ rsa_generic-y += rsa_helper.o

+ rsa_generic-y += rsa-pkcs1pad.o

+-obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o

+ 

+ $(obj)/sm2signature.asn1.o: $(obj)/sm2signature.asn1.c $(obj)/sm2signature.asn1.h

+ $(obj)/sm2.o: $(obj)/sm2signature.asn1.h

+@@ -53,13 +50,11 @@ sm2_generic-y += sm2signature.asn1.o

+ sm2_generic-y += sm2.o

+ 

+ obj-$(CONFIG_CRYPTO_SM2) += sm2_generic.o

+-obj-$(CONFIG_CRYPTO_SELF_TEST) += crypto_self_test.o

+ 

+ $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature.asn1.h

+ $(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h

+ ecdsa_generic-y += ecdsa.o

+ ecdsa_generic-y += ecdsasignature.asn1.o

+-obj-$(CONFIG_CRYPTO_ECDSA) += ecdsa_generic.o

+ 

+ crypto_acompress-y := acompress.o

+ crypto_acompress-y += scompress.o

+@@ -67,22 +62,15 @@ obj-$(CONFIG_CRYPTO_ACOMP2) += crypto_acompress.o

+ 

+ cryptomgr-y := algboss.o testmgr.o

+ 

+-obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o

+ obj-$(CONFIG_CRYPTO_USER) += crypto_user.o

+ crypto_user-y := crypto_user_base.o

+ crypto_user-$(CONFIG_CRYPTO_STATS) += crypto_user_stat.o

+-obj-$(CONFIG_CRYPTO_CMAC) += cmac.o

+-obj-$(CONFIG_CRYPTO_HMAC) += hmac.o

+ obj-$(CONFIG_CRYPTO_VMAC) += vmac.o

+ obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o

+ obj-$(CONFIG_CRYPTO_NULL2) += crypto_null.o

+ obj-$(CONFIG_CRYPTO_MD4) += md4.o

+ obj-$(CONFIG_CRYPTO_MD5) += md5.o

+ obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o

+-obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o

+-obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o

+-obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o

+-obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o

+ obj-$(CONFIG_CRYPTO_SM3) += sm3.o

+ obj-$(CONFIG_CRYPTO_SM3_GENERIC) += sm3_generic.o

+ obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o

+@@ -91,21 +79,13 @@ CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns)  # https://gcc.gnu.org/b

+ obj-$(CONFIG_CRYPTO_BLAKE2B) += blake2b_generic.o

+ CFLAGS_blake2b_generic.o := -Wframe-larger-than=4096 #  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930

+ obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o

+-obj-$(CONFIG_CRYPTO_ECB) += ecb.o

+-obj-$(CONFIG_CRYPTO_CBC) += cbc.o

+-obj-$(CONFIG_CRYPTO_CFB) += cfb.o

+ obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o

+-obj-$(CONFIG_CRYPTO_CTS) += cts.o

+ obj-$(CONFIG_CRYPTO_LRW) += lrw.o

+-obj-$(CONFIG_CRYPTO_XTS) += xts.o

+-obj-$(CONFIG_CRYPTO_CTR) += ctr.o

+ obj-$(CONFIG_CRYPTO_XCTR) += xctr.o

+ obj-$(CONFIG_CRYPTO_HCTR2) += hctr2.o

+ obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o

+ obj-$(CONFIG_CRYPTO_ADIANTUM) += adiantum.o

+ obj-$(CONFIG_CRYPTO_NHPOLY1305) += nhpoly1305.o

+-obj-$(CONFIG_CRYPTO_GCM) += gcm.o

+-obj-$(CONFIG_CRYPTO_CCM) += ccm.o

+ obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o

+ obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o

+ aegis128-y := aegis128-core.o

+@@ -140,7 +120,6 @@ obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o

+ obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o

+ obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o

+ CFLAGS_serpent_generic.o := $(call cc-option,-fsched-pressure)  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149

+-obj-$(CONFIG_CRYPTO_AES) += aes_generic.o

+ CFLAGS_aes_generic.o := $(call cc-option,-fno-code-hoisting) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356

+ obj-$(CONFIG_CRYPTO_SM4) += sm4.o

+ obj-$(CONFIG_CRYPTO_SM4_GENERIC) += sm4_generic.o

+@@ -171,7 +150,6 @@ obj-$(CONFIG_CRYPTO_XXHASH) += xxhash_generic.o

+ obj-$(CONFIG_CRYPTO_842) += 842.o

+ obj-$(CONFIG_CRYPTO_RNG2) += rng.o

+ obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o

+-obj-$(CONFIG_CRYPTO_DRBG) += drbg.o

+ CFLAGS_jitterentropy.o = -O0

+ KASAN_SANITIZE_jitterentropy.o = n

+ UBSAN_SANITIZE_jitterentropy.o = n

+@@ -185,13 +163,11 @@ obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o

+ obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o

+ obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o

+ obj-$(CONFIG_CRYPTO_OFB) += ofb.o

+-obj-$(CONFIG_CRYPTO_ECC) += ecc.o

+ obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o

+ obj-$(CONFIG_CRYPTO_CURVE25519) += curve25519-generic.o

+ 

+ ecdh_generic-y += ecdh.o

+ ecdh_generic-y += ecdh_helper.o

+-obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o

+ 

+ $(obj)/ecrdsa_params.asn1.o: $(obj)/ecrdsa_params.asn1.c $(obj)/ecrdsa_params.asn1.h

+ $(obj)/ecrdsa_pub_key.asn1.o: $(obj)/ecrdsa_pub_key.asn1.c $(obj)/ecrdsa_pub_key.asn1.h

+@@ -215,3 +191,95 @@ obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o

+ # Key derivation function

+ #

+ obj-$(CONFIG_CRYPTO_KDF800108_CTR) += kdf_sp800108.o

++obj-$(CONFIG_CRYPTO_FIPS) += fips_canister_wrapper_asm.o fips_canister_wrapper.o fips_canister.o

++obj-$(CONFIG_CRYPTO_FIPS) += testmgr_fips_canister_wrapper.o aesni-intel_glue_fips_canister_wrapper.o

++

++ifdef CONFIG_CRYPTO_FIPS

++ifneq ($(CONFIG_CRYPTO_FIPS),y)

++  $(error FIPS canister requires CONFIG_CRYPTO_FIPS=y)

++endif

++ifneq ($(subst Y,y,$(CONFIG_CRYPTO_AEAD)),y)

++  $(error FIPS canister requires CONFIG_CRYPTO_AEAD=y)

++endif

++ifneq ($(subst Y,y,$(CONFIG_CRYPTO_AEAD2)),y)

++  $(error FIPS canister requires CONFIG_CRYPTO_AEAD2=y)

++endif

++ifneq ($(subst Y,y,$(CONFIG_CRYPTO_SEQIV)),y)

++  $(error FIPS canister requires CONFIG_CRYPTO_SEQIV=y)

++endif

++ifneq ($(subst Y,y,$(CONFIG_CRYPTO_RSA)),y)