New subject: [OS-BUILD PATCHv3 1/2] Embed crypto algos, modes and templates needed in the FIPS mode

19 May 2021


      From: Vladis Dronov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125
```
Currently a number of FIPS-allowed algorithms are built as modules or
are
not enabled in Fedora and ARK. This can result in a panic while booting
in the FIPS mode. Fix this by embedding the FIPS-allowed algorithms,
modes
and templates into a kernel, the same way as CTC, CBC and other
algorithms
already do.
The below is a detailed description of a current state and changes
suggested
in this patchset in a readable form:
$ git grep CRYPTO_SHA3
common/generic/CONFIG_CRYPTO_SHA3:CONFIG_CRYPTO_SHA3=m          ###
should be =y
$ git grep CRYPTO_RSA
fedora/generic/CONFIG_CRYPTO_RSA:CONFIG_CRYPTO_RSA=y            ###
unify, set =y
$ git grep CRYPTO_NULL
fedora/generic/CONFIG_CRYPTO_NULL:CONFIG_CRYPTO_NULL=y          ###
should be common
$ git grep -e
'CRYPTO_(ECB|CBC|CTR|XTS|GCM|CCM|AUTH|HMAC|CMAC|OFB|CTS)'
   ark/generic/CONFIG_CRYPTO_XTS:CONFIG_CRYPTO_XTS=m            ###
unify, set to =y
fedora/generic/CONFIG_CRYPTO_XTS:CONFIG_CRYPTO_XTS=y            ###
unify, set to =y
common/generic/CONFIG_CRYPTO_CCM:CONFIG_CRYPTO_CCM=m            ### set
to =y
common/generic/CONFIG_CRYPTO_AUTHENC:CONFIG_CRYPTO_AUTHENC=m    ### set
to =y
common/generic/CONFIG_CRYPTO_CMAC:CONFIG_CRYPTO_CMAC=m          ### set
to =y
common/generic/CONFIG_CRYPTO_OFB:CONFIG_CRYPTO_OFB=m            ### set
to =y
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1947240
Signed-off-by: Vladis Dronov vdronov@redhat.com
```

[OS-BUILD PATCHv3 0/2] [redhat] Embed crypto algos, modes and templates needed in the FIPS mode