diff --git a/crypto/Makefile b/crypto/Makefile index 7cb011dd2828..8c09b56133ee 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -203,17 +203,18 @@ obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o ifneq ($(CONFIG_CRYPTO_FIPS140_MOD),) -FIPS140_CFLAGS := -D__DISABLE_EXPORTS -DBUILD_FIPS140_KO \ - -include $(srctree)/crypto/fips140-defs.h +FIPS140_CFLAGS := -DBUILD_FIPS140_KO -include $(srctree)/crypto/fips140-defs.h CFLAGS_jitterentropy-fips.o := -O0 KASAN_SANITIZE_jitterentropy-fips.o = n UBSAN_SANITIZE_jitterentropy-fips.o = n +# Compile an extra copy of various crypto algorithms into the fips140 module. # -# Create a separate FIPS archive containing a duplicate of each builtin generic -# module that is in scope for FIPS 140-2 certification -# +# Note: the module will still work if some files are removed from here. +# However, it may affect FIPS certifiability. Don't remove files from here +# without considering impact on FIPS certifiability. + crypto-fips-objs := drbg.o ecb.o cbc.o ctr.o cts.o gcm.o xts.o hmac.o cmac.o \ gf128mul.o aes_generic.o lib-crypto-aes.o \ jitterentropy.o jitterentropy-kcapi.o \ @@ -224,8 +225,6 @@ crypto-fips-objs := $(foreach o,$(crypto-fips-objs),$(o:.o=-fips.o)) # get the arch to add its objects to $(crypto-fips-objs) include $(srctree)/arch/$(ARCH)/crypto/Kbuild.fips140 -extra-$(CONFIG_CRYPTO_FIPS140_MOD) += crypto-fips.a - $(obj)/%-fips.o: KBUILD_CFLAGS += $(FIPS140_CFLAGS) $(obj)/%-fips.o: $(src)/%.c FORCE $(call if_changed_rule,cc_o_c) @@ -234,15 +233,12 @@ $(obj)/lib-%-fips.o: $(srctree)/lib/%.c FORCE $(obj)/lib-crypto-%-fips.o: $(srctree)/lib/crypto/%.c FORCE $(call if_changed_rule,cc_o_c) -$(obj)/crypto-fips.a: $(addprefix $(obj)/,$(crypto-fips-objs)) FORCE - $(call if_changed,ar_and_symver) - fips140-objs := \ fips140-alg-registration.o \ fips140-module.o \ fips140-refs.o \ fips140-selftests.o \ - crypto-fips.a + $(crypto-fips-objs) fips140-$(CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING) += \ fips140-eval-testing.o obj-m += fips140.o diff --git a/crypto/fips140-defs.h b/crypto/fips140-defs.h index e64a2f739aa9..9005f9513308 100644 --- a/crypto/fips140-defs.h +++ b/crypto/fips140-defs.h @@ -3,10 +3,43 @@ * Copyright 2021 Google LLC * * This file is automatically included by all files built into fips140.ko, via - * the "-include" compiler flag. It redirects all calls to algorithm - * registration functions to the wrapper functions defined within the module. + * the "-include" compiler flag. */ +/* + * fips140.ko is built from various unmodified or minimally modified kernel + * source files, many of which are normally meant to be buildable into different + * modules themselves. That results in conflicting instances of module_init() + * and related macros such as MODULE_LICENSE(). + * + * To solve that, we undefine MODULE to trick the kernel headers into thinking + * the code is being compiled as built-in. That causes module_init() and + * related macros to be expanded as they would be for built-in code; e.g., + * module_init() adds the function to the .initcalls section of the binary. + * + * The .c file that contains the real module_init() for fips140.ko is then + * responsible for redefining MODULE, and the real module_init() is responsible + * for executing all the initcalls that were collected into .initcalls. + */ +#undef MODULE + +/* + * Defining KBUILD_MODFILE is also required, since the kernel headers expect it + * to be defined when code that can be a module is compiled as built-in. + */ +#define KBUILD_MODFILE "crypto/fips140" + +/* + * Disable symbol exports by default. fips140.ko includes various files that + * use EXPORT_SYMBOL*(), but it's unwanted to export any symbols from fips140.ko + * except where explicitly needed for FIPS certification reasons. + */ +#define __DISABLE_EXPORTS + +/* + * Redirect all calls to algorithm registration functions to the wrapper + * functions defined within the module. + */ #define aead_register_instance fips140_aead_register_instance #define ahash_register_instance fips140_ahash_register_instance #define crypto_register_aead fips140_crypto_register_aead diff --git a/crypto/fips140-module.c b/crypto/fips140-module.c index 6aa0c13db4bb..6412ad6c1234 100644 --- a/crypto/fips140-module.c +++ b/crypto/fips140-module.c @@ -14,6 +14,12 @@ * don't need to meet these requirements. */ +/* + * Since this .c file is the real entry point of fips140.ko, it needs to be + * compiled normally, so undo the hacks that were done in fips140-defs.h. + */ +#define MODULE +#undef KBUILD_MODFILE #undef __DISABLE_EXPORTS #include