ANDROID: fips140: add jitterentropy to fips140 module

Although jitterentropy doesn't necessarily need to be part of
fips140.ko, it does need to have the SP800-90B health tests enabled, and
that requires that it be compiled with the fips_enabled flag set.  The
easiest way to do this is just to include a copy of it in fips140.ko.

Bug: 153614920
Bug: 188620248
Change-Id: I9dc0281e07e08e0650e3d340897c697722ad3b1a
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit cae242110570eb204b1a332b717aaa35eb16647d)

crypto/Makefile

@@ -202,12 +202,17 @@ ifneq ($(CONFIG_CRYPTO_FIPS140_MOD),)
 
 FIPS140_CFLAGS := -D__DISABLE_EXPORTS -DBUILD_FIPS140_KO
 
+CFLAGS_jitterentropy-fips.o := -O0
+KASAN_SANITIZE_jitterentropy-fips.o = n
+UBSAN_SANITIZE_jitterentropy-fips.o = n
+
 #
 # Create a separate FIPS archive containing a duplicate of each builtin generic
 # module that is in scope for FIPS 140-2 certification
 #
 crypto-fips-objs := drbg.o ecb.o cbc.o ctr.o cts.o gcm.o xts.o hmac.o cmac.o \
 		    memneq.o gf128mul.o aes_generic.o lib-crypto-aes.o \
+		    jitterentropy.o jitterentropy-kcapi.o \
 		    sha1_generic.o sha256_generic.o sha512_generic.o \
 		    lib-sha1.o lib-crypto-sha256.o
 crypto-fips-objs := $(foreach o,$(crypto-fips-objs),$(o:.o=-fips.o))

crypto/fips140-module.c

@@ -93,6 +93,7 @@ static const char * const fips140_algorithms[] __initconst = {
 	"sha512",
 
 	"stdrng",
+	"jitterentropy_rng",
 };
 
 static bool __init is_fips140_algo(struct crypto_alg *alg)