linuxkm: support DRBG in LKCAPI shim set:

* Implement --enable-linuxkm-lkcapi-register=stdrng and =stdrng-default,
  LINUXKM_LKCAPI_REGISTER_HASH_DRBG, and
  LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.  With "_DEFAULT", the DRBG is
  installed as the systemwide default stdrng, necessitating
  deregister-on-command, described below.  Note that get_random_bytes() and the
  associated /dev/random and /dev/urandom do not use the default stdrng, and
  their back end cannot currently be replaced by a module.

* Add control nodes /sys/module/libwolfssl/install_algs and
  /sys/module/libwolfssl/deinstall_algs.

* Add configure option --enable-linuxkm-lkcapi-register=sysfs-nodes-only, and
  macro LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND, to inhibit registration at
  module load time.

In configure.ac ENABLED_LINUXKM_LKCAPI_REGISTER setup, don't define
  WOLFSSL_DH_GEN_PUB in old FIPS, but do define it for =all.
Daniel Pouzzner
2025-04-29 00:42:15 -05:00
parent 4450167ab0
commit 273b7fc0da
7 changed files with 534 additions and 98 deletions


@@ -316,6 +316,16 @@ static int wolfssl_init(void)
#endif
#ifdef LINUXKM_LKCAPI_REGISTER
#ifdef LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND
ret = linuxkm_lkcapi_sysfs_install();
if (ret) {
pr_err("linuxkm_lkcapi_sysfs_install() failed with return code %d.\n", ret);
(void)libwolfssl_cleanup();
msleep(10);
return -ECANCELED;
}
#else /* !LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND */
ret = linuxkm_lkcapi_register();
if (ret) {
@@ -325,7 +335,8 @@ static int wolfssl_init(void)
msleep(10);
return -ECANCELED;
}
#endif
#endif /* !LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND */
#endif /* LINUXKM_LKCAPI_REGISTER */
#ifdef WOLFSSL_LINUXKM_BENCHMARKS
wolfcrypt_benchmark_main(0, (char**)NULL);
@@ -365,7 +376,8 @@ static void wolfssl_exit(void)
#endif
{
#ifdef LINUXKM_LKCAPI_REGISTER
linuxkm_lkcapi_unregister();
(void)linuxkm_lkcapi_unregister();
(void)linuxkm_lkcapi_sysfs_deinstall();
#endif
(void)libwolfssl_cleanup();
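Review bot: In wolfssl_exit() both teardown calls discard their results with `(void)`, so a failed deregistration is silent and libwolfssl_cleanup() runs regardless. The commit message says the DRBG can be installed as the systemwide default stdrng; if linuxkm_lkcapi_unregister() can return an error while an algorithm is still referenced (its body is not visible here), the module would unload with kernel crypto entries still pointing into it. The exit handler cannot abort the unload, so at least log the failure the way wolfssl_init() does, e.g. `int ret = linuxkm_lkcapi_unregister(); if (ret) pr_err("linuxkm_lkcapi_unregister() failed with return code %d.\n", ret);`. It may also be worth removing the sysfs nodes before unregistering, so that a write to install_algs cannot re-register algorithms between the two calls, unless linuxkm_lkcapi_sysfs_deinstall() already serialises against that. The body of wolfssl_exit() continues outside the hunk.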