Add samsung specific changes

crypto/Kconfig

@@ -33,20 +33,6 @@ config CRYPTO_FIPS
 	  certification.  You should say no unless you know what
 	  this is.
 
-config CRYPTO_SKC_FIPS
-	bool "FIPS 140-3 compliance"
-	select CRYPTO_HMAC
-	select CRYPTO_SHA512
-	select CRYPTO_SHA256
-	select CRYPTO_SHA1
-	select CRYPTO_ECB
-	select CRYPTO_CBC
-	select CRYPTO_DRBG_HMAC
-	select CRYPTO_SHA1_ARM64_CE
-	help
-	  This option enables FIPS 140-3 capability which meets
-	  CMVP requirement.
-
 config CRYPTO_FIPS_NAME
 	string "FIPS Module Name"
 	default "Linux Kernel Cryptographic API"
@@ -306,7 +292,7 @@ config CRYPTO_AUTHENC
 
 config CRYPTO_TEST
 	tristate "Testing module"
-	default n
+	depends on m || EXPERT
 	select CRYPTO_MANAGER
 	help
 	  Quick & dirty crypto test module.

crypto/Makefile

@@ -3,14 +3,6 @@
 # Cryptographic API
 #
 
-# CMVP functional test
-#ccflags-y += -DCONFIG_CRYPTO_SKC_FIPS_FUNC_TEST
-obj-$(CONFIG_CRYPTO_SKC_FIPS) += fips140_out.o
-obj-$(CONFIG_CRYPTO_SKC_FIPS) += fips140_integrity.o
-obj-$(CONFIG_CRYPTO_SKC_FIPS) += fips140_post.o
-obj-$(CONFIG_CRYPTO_SKC_FIPS) += fips140_test.o
-obj-$(CONFIG_CRYPTO_SKC_FIPS) += fips140_3_services.o
-
 obj-$(CONFIG_CRYPTO) += crypto.o
 crypto-y := api.o cipher.o compress.o
 
@@ -175,7 +167,6 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
 obj-$(CONFIG_CRYPTO_RNG2) += rng.o
 obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
 obj-$(CONFIG_CRYPTO_DRBG) += drbg.o
-obj-$(CONFIG_CRYPTO_SKC_FIPS) += drbg_mdfpp_cast.o
 obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy_rng.o
 CFLAGS_jitterentropy.o = -O0
 KASAN_SANITIZE_jitterentropy.o = n

crypto/api.c

@@ -23,10 +23,6 @@
 #include <linux/completion.h>
 #include "internal.h"
 
-#ifdef CONFIG_CRYPTO_SKC_FIPS_FUNC_TEST
-#include "fips140_test.h"
-#endif
-
 LIST_HEAD(crypto_alg_list);
 EXPORT_SYMBOL_GPL(crypto_alg_list);
 DECLARE_RWSEM(crypto_alg_sem);
@@ -667,23 +663,7 @@ void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
 		alg->cra_exit(tfm);
 	crypto_exit_ops(tfm);
 	crypto_mod_put(alg);
-#ifdef CONFIG_CRYPTO_SKC_FIPS_FUNC_TEST
-	if (!strcmp("zeroization", get_fips_functest_mode())) {
-		size_t mem_size = ksize(mem);
-
-		pr_err("FIPS FUNC : Zeroization, mem area before: %s %zu\n", __func__, mem_size);
-		print_hex_dump(KERN_INFO, "FIPS FUNC : ", DUMP_PREFIX_OFFSET,
-			16, 1, mem, mem_size, false);
-		kfree_sensitive(mem);
-		pr_err("FIPS FUNC : Zeroization, mem area after: %s %zu\n", __func__, mem_size);
-		print_hex_dump(KERN_INFO, "FIPS FUNC : ", DUMP_PREFIX_OFFSET,
-			16, 1, mem, mem_size, false);
-	} else {
-		kfree_sensitive(mem);
-	}
-#else
 	kfree_sensitive(mem);
-#endif /* CONFIG_CRYPTO_SKC_FIPS_FUNC_TEST */
 }
 EXPORT_SYMBOL_GPL(crypto_destroy_tfm);
 

crypto/drbg.c

@@ -102,15 +102,6 @@
 #include <linux/kernel.h>
 #include <linux/jiffies.h>
 
-/*
- * The section is added in accordance with MDFPP requirements.
- * Further, the CONFIG_CRYPTO_SKC_FIPS should be replaced by
- * the MDFPP relevant config.
- */
-#ifdef CONFIG_CRYPTO_SKC_FIPS
-#include "drbg_mdfpp_cast.h"
-#endif
-
 /***************************************************************
  * Backend cipher definitions available to DRBG
  ***************************************************************/
@@ -2146,19 +2137,7 @@ static int __init drbg_init(void)
 		drbg_fill_array(&drbg_algs[i], &drbg_cores[j], 1);
 	for (j = 0; ARRAY_SIZE(drbg_cores) > j; j++, i++)
 		drbg_fill_array(&drbg_algs[i], &drbg_cores[j], 0);
-	ret = crypto_register_rngs(drbg_algs, (ARRAY_SIZE(drbg_cores) * 2));
-
-/*
- * The section is added in accordance with MDFPP requirements.
- * Further, the CONFIG_CRYPTO_SKC_FIPS should be replaced by
- * the MDFPP relevant config.
- */
-#ifdef CONFIG_CRYPTO_SKC_FIPS
-	/* Call CASTs, in case of fail the kernel panic will be initiated. */
-	drbg_mdfpp_cast();
-#endif
-
-	return ret;
+	return crypto_register_rngs(drbg_algs, (ARRAY_SIZE(drbg_cores) * 2));
 }
 
 static void __exit drbg_exit(void)

crypto/hmac.c

@@ -22,10 +22,6 @@
 #include <linux/scatterlist.h>
 #include <linux/string.h>
 
-#if defined(CONFIG_CRYPTO_SKC_FIPS)
-#include "fips140_3_services_internal.h"
-#endif  // CONFIG_CRYPTO_SKC_FIPS
-
 struct hmac_ctx {
 	struct crypto_shash *hash;
 };
@@ -56,10 +52,6 @@ static int hmac_setkey(struct crypto_shash *parent,
 	SHASH_DESC_ON_STACK(shash, hash);
 	unsigned int i;
 
-#if defined(CONFIG_CRYPTO_SKC_FIPS)
-	crypto_hmac_set_key_approve_status(parent, keylen);
-#endif  // CONFIG_CRYPTO_SKC_FIPS
-
 	if (fips_enabled && (keylen < 112 / 8))
 		return -EINVAL;
 
@@ -130,10 +122,6 @@ static int hmac_final(struct shash_desc *pdesc, u8 *out)
 	char *opad = crypto_shash_ctx_aligned(parent) + ss;
 	struct shash_desc *desc = shash_desc_ctx(pdesc);
 
-#if defined(CONFIG_CRYPTO_SKC_FIPS)
-	calc_final_state_service_indicator(parent);
-#endif  // CONFIG_CRYPTO_SKC_FIPS
-
 	return crypto_shash_final(desc, out) ?:
 	       crypto_shash_import(desc, opad) ?:
 	       crypto_shash_finup(desc, out, ds, out);
@@ -149,10 +137,6 @@ static int hmac_finup(struct shash_desc *pdesc, const u8 *data,
 	char *opad = crypto_shash_ctx_aligned(parent) + ss;
 	struct shash_desc *desc = shash_desc_ctx(pdesc);
 
-#if defined(CONFIG_CRYPTO_SKC_FIPS)
-	calc_final_state_service_indicator(parent);
-#endif  // CONFIG_CRYPTO_SKC_FIPS
-
 	return crypto_shash_finup(desc, data, nbytes, out) ?:
 	       crypto_shash_import(desc, opad) ?:
 	       crypto_shash_finup(desc, out, ds, out);