linuxkm: handle RHEL9 disabled akcipher sign/decrypt ops

RHEL9 kernels (9.6+) disable RSA signing and decryption in the kernel
crypto API for security reasons (CVE-2023-6240). The kernel forcibly
overwrites akcipher sign/decrypt callbacks to return -ENOSYS, regardless
of what the driver provides.

Commit 3709c35c in the RHEL kernel:
"crypto: akcipher - Disable signing and decryption"

This affects our self-tests which call crypto_akcipher_sign() and
crypto_akcipher_decrypt(). On RHEL9, these operations return -ENOSYS
even though our driver correctly implements them.

Add compile-time checks for RHEL_RELEASE_CODE >= 9.6 to detect this
scenario and skip the affected self-tests gracefully. The tests pass
since the algorithms are registered correctly; the kernel simply
refuses to execute sign/decrypt operations as a matter of policy.

Note: encrypt and verify operations are unaffected and continue to be
tested normally.

Signed-off-by: Sameeh Jubran <[email protected]>

Author: sameehj

linuxkm/lkcapi_rsa_glue.c

@@ -27,6 +27,12 @@
     #error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
 
+#ifdef RHEL_RELEASE_CODE
+    #include <linux/rhel_versions.h>
+#elif
+    #define RHEL_RELEASE_VERSION(a, b) (((a) << 8) + (b))
+#endif
+
 #if !defined(NO_RSA)
     #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
          (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_RSA))) && \
@@ -2347,6 +2353,14 @@ static int linuxkm_test_rsa_driver(const char * driver, int nbits)
 
     memset(dec, 0, key_len);
     ret = crypto_akcipher_decrypt(req);
+   #if defined(RHEL_RELEASE_CODE) && defined(RHEL_RELEASE_VERSION) && \
+              (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(9, 6))
+    if (ret == -ENOSYS) {
+        pr_info("info: skipping crypto_akcipher_decrypt (disabled by RHEL policy)\n");
+        test_rc = 0;
+        goto test_rsa_end;
+    }
+    #endif
     if (ret) {
         pr_err("error: crypto_akcipher_decrypt returned: %d\n", ret);
         goto test_rsa_end;
@@ -2721,6 +2735,14 @@ static int linuxkm_test_pkcs1pad_driver(const char * driver, int nbits,
     akcipher_request_set_crypt(req, &src, &dst, hash_len, key_len);
 
     ret = crypto_akcipher_sign(req);
+    #if defined(RHEL_RELEASE_CODE) && defined(RHEL_RELEASE_VERSION) && \
+               (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(9, 6))
+    if (ret == -ENOSYS) {
+        pr_info("info: skipping crypto_akcipher_sign (disabled by RHEL policy)\n");
+        test_rc = 0;
+        goto test_pkcs1_end;
+    }
+    #endif
     if (ret) {
         pr_err("error: crypto_akcipher_sign returned: %d\n", ret);
         test_rc = BAD_FUNC_ARG;
@@ -2847,6 +2869,14 @@ static int linuxkm_test_pkcs1pad_driver(const char * driver, int nbits,
     }
 
     ret = crypto_akcipher_decrypt(req);
+    #if defined(RHEL_RELEASE_CODE) && defined(RHEL_RELEASE_VERSION) && \
+               (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(9, 6))
+    if (ret == -ENOSYS) {
+        pr_info("info: skipping crypto_akcipher_decrypt (disabled by RHEL policy)\n");
+        test_rc = 0;
+        goto test_pkcs1_end;
+    }
+    #endif
     if (ret) {
         pr_err("error: crypto_akcipher_decrypt returned: %d\n", ret);
         test_rc = BAD_FUNC_ARG;