ANDROID: fips140: define fips_enabled to 1 to enable FIPS behavior

In fips140.ko, enable the behavior that the upstream fips_enabled flag
controls, such as the XTS weak key check which apparently is required.

Note that some of this behavior, such as the DRBG continuity check, is
allegedly not required.  But to ensure we don't miss anything that was
already handled upstream, it seems best to define fips_enabled to 1.  We
can still disable anything that turns out to be problematic.

Bug: 153614920
Bug: 188620248
Change-Id: Idcded9e69e7d7cdf7f2937009af209857b0c08e2
Signed-off-by: Eric Biggers <ebiggers@google.com>
Eric Biggers
2021-07-08 14:46:46 -07:00
committed by Ard Biesheuvel
parent e886dd4c33
commit 2742be5903


@@ -2,7 +2,15 @@
#ifndef _FIPS_H #ifndef _FIPS_H
#define _FIPS_H #define _FIPS_H
#ifdef CONFIG_CRYPTO_FIPS #ifdef BUILD_FIPS140_KO
/*
* In fips140.ko, enable the behavior that the upstream fips_enabled flag
* controls, such as the XTS weak key check.
*/
#define fips_enabled 1
#define CONFIG_CRYPTO_FIPS 1
#elif defined(CONFIG_CRYPTO_FIPS)
extern int fips_enabled; extern int fips_enabled;
extern struct atomic_notifier_head fips_fail_notif_chain; extern struct atomic_notifier_head fips_fail_notif_chain;
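
Review bot: in the new BUILD_FIPS140_KO branch, `#define CONFIG_CRYPTO_FIPS 1` takes effect only for code that tests the symbol after this header has been included, so a source file in the module that checks CONFIG_CRYPTO_FIPS before the include still sees the Kconfig value. The added comment explains fips_enabled but not this second define; it should say why CONFIG_CRYPTO_FIPS is forced and note the include-order dependency, or the define could be passed from the module's build flags instead. The same branch also leaves fips_fail_notif_chain undeclared, because its extern now sits only under the `#elif defined(CONFIG_CRYPTO_FIPS)` side, so any code built into fips140.ko that references the notifier chain under the forced CONFIG_CRYPTO_FIPS would need a declaration in this branch as well. Because fips_enabled becomes a macro here, it is also worth confirming that nothing compiled into the module declares or assigns a variable of that name.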