[][kernel][common][Add patch to achieve fips140-3 compliance]
[Description]
Add patch, 999-2850-fips-140-3-compliance.patch, to change
MAXSIZE form 128 to 256 in algif_rng.c and add config in
crypto/Kconfig
[Release-log]
Change-Id: Iaccc5801f5c5dd1b0e6339af2ceb6ec19f6cb3d0
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8258074
diff --git a/target/linux/mediatek/patches-5.4/999-2850-fips-140-3-compliance.patch b/target/linux/mediatek/patches-5.4/999-2850-fips-140-3-compliance.patch
new file mode 100644
index 0000000..41f2da4
--- /dev/null
+++ b/target/linux/mediatek/patches-5.4/999-2850-fips-140-3-compliance.patch
@@ -0,0 +1,69 @@
+--- a/crypto/Kconfig
++++ b/crypto/Kconfig
+@@ -1823,6 +1823,19 @@ config CRYPTO_JITTERENTROPY
+ random numbers. This Jitterentropy RNG registers with
+ the kernel crypto API and can be used by any caller.
+
++config CRYPTO_CPU_JITTERENTROPY_DEBUG
++ bool "Jitterentropy DEBUG FS"
++ default n
++ select CRYPTO_USER
++ select CRYPTO_JITTERENTROPY
++ select CRYPTO_USER_API_RNG
++ help
++ Enable the DebugFS interface of the CPU Jitter
++ random number generator. It is solely intended
++ to aid testing and for performing statistical
++ and entropy analyses. You should say no
++ unless you know what you are doing.
++
+ config CRYPTO_USER_API
+ tristate
+
+@@ -1853,6 +1868,17 @@ config CRYPTO_USER_API_RNG
+ This option enables the user-spaces interface for random
+ number generator algorithms.
+
++config CRYPTO_USER_API_RNG_CAVP
++ bool "Enable CAVP testing of DRBG"
++ select CRYPTO_USER_API_HASH
++ select CRYPTO_DRBG
++ default n
++ help
++ This option enables extra API for CAVP testing via the user-space
++ interface: resetting of DRBG entropy, and providing Additional Data.
++ This should only be enabled for CAVP testing. You should say
++ no unless you know what this is.
++
+ config CRYPTO_USER_API_AEAD
+ tristate "User-space interface for AEAD cipher algorithms"
+ depends on NET
+@@ -1879,6 +1904,16 @@ config CRYPTO_STATS
+ config CRYPTO_HASH_INFO
+ bool
+
++config CRYPTO_CAVP_TEST
++ bool "Enable CAVP testing of DRBG and JITTERRNG"
++ select CRYPTO_DRBG
++ select CRYPTO_DRBG_MENU
++ select CRYPTO_CPU_JITTERENTROPY_DEBUG
++ select CRYPTO_USER_API_RNG_CAVP
++ default n
++ help
++ This option enables DRBG CAVP test and JITTERENG CMVP test
++
+ source "lib/crypto/Kconfig"
+ source "drivers/crypto/Kconfig"
+ source "crypto/asymmetric_keys/Kconfig"
+
+--- a/crypto/algif_rng.c
++++ b/crypto/algif_rng.c
+@@ -51,7 +51,7 @@ MODULE_AUTHOR("Stephan Mueller <smueller
+ MODULE_DESCRIPTION("User-space interface for random number generators");
+
+ struct rng_ctx {
+-#define MAXSIZE 128
++#define MAXSIZE 256
+ unsigned int len;
+ struct crypto_rng *drng;
+ u8 *addtl;