From: Eric Biggers <ebiggers@kernel.org>
To: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Daniel Gomez <da.gomez@kernel.org>,
Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Wang, Jay" <wanjay@amazon.com>,
Nicolai Stange <nstange@suse.com>,
Vladis Dronov <vdronov@redhat.com>,
Stephan Mueller <smueller@chronox.de>,
Sami Tolvanen <samitolvanen@google.com>,
linux-modules@vger.kernel.org
Subject: Re: [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c to using crypto API wrappers
Date: Thu, 4 Sep 2025 21:29:06 +0000 [thread overview]
Message-ID: <20250904212906.GD854551@google.com> (raw)
In-Reply-To: <20250904155216.460962-27-vegard.nossum@oracle.com>
On Thu, Sep 04, 2025 at 05:50:58PM +0200, Vegard Nossum wrote:
> /**
> * sha256() - Compute SHA-256 message digest in one shot
> @@ -373,7 +392,9 @@ void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
> *
> * Context: Any context.
> */
> -void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]);
> +DECLARE_CRYPTO_API(sha256, void,
> + (const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]),
> + (data, len, out));
This makes all these function declarations awfully hard to read... If
fips140.ko is really going to be supported at all, perhaps it would make
more sense for the override to happen in the function implementations?
E.g. the first line of the sha256() function implementation would be
FIPS_CALL(sha256, data, len, out) or similar, and that would either do
nothing, or call the sha256() from fips140.ko and return.
I think that would be *slightly* less invasive. Though of course it
doesn't get around the problem that the fips140.ko override support
still has to be handled individually for every function...
- Eric
next prev parent reply other threads:[~2025-09-04 21:29 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 001/104] params: use arch_initcall to initialize params sysfs earlier Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 002/104] Revert "Revert "crypto: shash - avoid comparing pointers to exported functions under CFI"" Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 003/104] crypto/jitterentropy: remove linux/fips.h include Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 004/104] crypto: api - Disallow identical template names Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 005/104] crypto: hide crypto_default_rng variable Vegard Nossum
2025-09-11 5:48 ` Herbert Xu
2025-09-04 15:50 ` [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API Vegard Nossum
2025-09-04 20:22 ` Linus Torvalds
2025-09-04 20:37 ` Eric Biggers
2025-09-04 15:50 ` [PATCH RFC 007/104] testmgr: standardize alg/driver output in logs Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 008/104] arch/x86/boot/string.h: override memmove()/strlen() Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 009/104] certs/system_keyring: export restrict_link_by_builtin_*trusted Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 010/104] crypto/testmgr: make fips_allowed a bit set Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 011/104] crypto/testmgr: mark non-crypto algorithms Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 012/104] crypto/algapi: don't init algapi in fips mode Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 013/104] crypto/algapi.c: disable crypto_check_module_sig() for FIPS module Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 014/104] crypto/testmgr: add helper to alg_test() Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 015/104] crypto: pass struct crypto_alg directly " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 016/104] crypto: alg - add CRYPTO_ALG_FIPS_PROVIDED flag Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 017/104] crypto: testmgr: check that we got the expected alg Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 018/104] crypto: make sure crypto_alg_tested() finds the correct algorithm Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 019/104] module: add load_module_mem() helper Vegard Nossum
2025-09-29 9:47 ` Petr Pavlu
2025-09-04 15:50 ` [PATCH RFC 020/104] module: add a mechanism for pluggable crypto APIs Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 021/104] crypto: fips140: include crypto/api.h in a few places Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 022/104] crypto: fips140: convert lib/crypto/aes.c to using crypto API wrappers Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 023/104] crypto: fips140: convert lib/crypto/aesgcm.c " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 024/104] crypto: fips140: convert lib/crypto/gf128mul.c " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 025/104] crypto: fips140: convert lib/crypto/memneq.c " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c " Vegard Nossum
2025-09-04 21:29 ` Eric Biggers [this message]
2025-09-04 15:50 ` [PATCH RFC 027/104] crypto: fips140: convert lib/crypto/sha512.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 028/104] crypto: fips140: convert lib/crypto/utils.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 029/104] crypto: fips140: convert crypto/aead.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 030/104] crypto: fips140: convert crypto/aes_generic.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 031/104] crypto: fips140: convert crypto/ahash.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 032/104] crypto: fips140: convert crypto/akcipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 033/104] crypto: fips140: convert crypto/algapi.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 034/104] crypto: fips140: convert crypto/algboss.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 035/104] crypto: fips140: convert crypto/api.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 036/104] crypto: fips140: convert crypto/authenc.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 037/104] crypto: fips140: convert crypto/authencesn.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 038/104] crypto: fips140: convert crypto/cbc.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 039/104] crypto: fips140: convert crypto/ccm.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 040/104] crypto: fips140: convert crypto/cipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 041/104] crypto: fips140: convert crypto/cmac.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 042/104] crypto: fips140: convert crypto/cryptd.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 043/104] crypto: fips140: convert crypto/ctr.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 044/104] crypto: fips140: convert crypto/dh.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 045/104] crypto: fips140: convert crypto/dh_helper.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 046/104] crypto: fips140: convert crypto/drbg.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 047/104] crypto: fips140: convert crypto/ecb.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 048/104] crypto: fips140: convert crypto/ecc.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 049/104] crypto: fips140: convert crypto/ecdh.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 050/104] crypto: fips140: convert crypto/ecdh_helper.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 051/104] crypto: fips140: convert crypto/ecdsa.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 052/104] crypto: fips140: convert crypto/echainiv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 053/104] crypto: fips140: convert crypto/essiv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 054/104] crypto: fips140: convert crypto/gcm.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 055/104] crypto: fips140: convert crypto/geniv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 056/104] crypto: fips140: convert crypto/ghash-generic.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 057/104] crypto: fips140: convert crypto/hmac.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 058/104] crypto: fips140: convert crypto/jitterentropy-kcapi.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 059/104] crypto: fips140: convert crypto/kpp.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 060/104] crypto: fips140: convert crypto/lskcipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 061/104] crypto: fips140: convert crypto/pcrypt.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 062/104] crypto: fips140: convert crypto/rng.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 063/104] crypto: fips140: convert crypto/rsa.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 064/104] crypto: fips140: convert crypto/rsa_helper.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 065/104] crypto: fips140: convert crypto/seqiv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 066/104] crypto: fips140: convert crypto/sha1.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 067/104] crypto: fips140: convert crypto/sha256.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 068/104] crypto: fips140: convert crypto/sha3_generic.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 069/104] crypto: fips140: convert crypto/sha512.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 070/104] crypto: fips140: convert crypto/shash.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 071/104] crypto: fips140: convert crypto/sig.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 072/104] crypto: fips140: convert crypto/simd.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 073/104] crypto: fips140: convert crypto/skcipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 074/104] crypto: fips140: convert crypto/tcrypt.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 075/104] crypto: fips140: convert crypto/testmgr.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 076/104] crypto: fips140: convert crypto/xts.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 077/104] crypto: fips140: convert crypto/asymmetric_keys/asymmetric_type.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 078/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_key_type.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 079/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_parser.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 080/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_trust.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 081/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_verify.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 082/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs8_parser.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 083/104] crypto: fips140: convert crypto/asymmetric_keys/public_key.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 084/104] crypto: fips140: convert crypto/asymmetric_keys/selftest.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 085/104] crypto: fips140: convert crypto/asymmetric_keys/signature.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 086/104] crypto: fips140: convert crypto/asymmetric_keys/x509_cert_parser.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 087/104] crypto: fips140: convert crypto/asymmetric_keys/x509_loader.c " Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 088/104] crypto: fips140: convert crypto/asymmetric_keys/x509_public_key.c " Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 089/104] crypto: fips140: manual fixups for include/keys/asymmetric-type.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 090/104] crypto: fips140: manual fixups for include/crypto/sha2.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 091/104] crypto: fips140: manual fixups for include/crypto/public_key.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 092/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 093/104] crypto: fips140: manual fixups for crypto/internal.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 094/104] crypto: fips140: manual fixups for include/crypto/internal/ecc.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 095/104] crypto: fips140: manual fixups for include/crypto/internal/rsa.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 096/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c Vegard Nossum
2025-09-04 21:35 ` Eric Biggers
2025-09-04 22:20 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 098/104] crypto: fips140: manual fixups for lib/crypto/sha512.c Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 099/104] crypto: fips140: add symlinks to kernel sources Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 100/104] crypto: fips140: add standalone FIPS 140 module Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 101/104] crypto: fips140: add FIPS 140 module loader Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 102/104] scripts/extract-fips140: new script Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 103/104] Documentation/crypto: add fips140.rst Vegard Nossum
2025-09-04 22:14 ` Randy Dunlap
2025-09-04 22:28 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 104/104] MAINTAINERS: add myself as FIPS140 standalone module maintainer Vegard Nossum
2025-09-11 5:53 ` [RFC] crypto: support for a standalone FIPS 140 module Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250904212906.GD854551@google.com \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=da.gomez@kernel.org \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=nstange@suse.com \
--cc=petr.pavlu@suse.com \
--cc=samitolvanen@google.com \
--cc=smueller@chronox.de \
--cc=vdronov@redhat.com \
--cc=vegard.nossum@oracle.com \
--cc=wanjay@amazon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).