Define fips_/nonfips_ variants of crypto_aes_*sbox when the kernel is configured to use a standalone FIPS module. Vegard Nossum <vegard.nossum@xxxxxxxxxx> --- include/crypto/aes.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/crypto/aes.h b/include/crypto/aes.h index 77f5515c49c9..fc84ffcd00a7 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h @@ -101,6 +101,16 @@ DECLARE_CRYPTO_API(aes_decrypt, void, (const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in), (ctx, out, in)); +#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD +#ifdef FIPS_MODULE +#define crypto_aes_sbox fips_crypto_aes_sbox +#define crypto_aes_inv_sbox fips_crypto_aes_inv_sbox +#else +#define crypto_aes_sbox nonfips_crypto_aes_sbox +#define crypto_aes_inv_sbox nonfips_crypto_aes_inv_sbox +#endif +#endif + extern const u8 crypto_aes_sbox[]; extern const u8 crypto_aes_inv_sbox[]; -- 2.39.3
