* [RFC] crypto: support for a standalone FIPS 140 module
@ 2025-09-04 15:50 Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 001/104] params: use arch_initcall to initialize params sysfs earlier Vegard Nossum
` (104 more replies)
0 siblings, 105 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Hi all,
This patch set adds support for building and loading a standalone FIPS
140 module. This is mostly useful for distributions that want to certify
their kernel's crypto code with NIST. Please see
Documentation/crypto/fips140.rst for more details.
I apologize for the large patch series. I could have squashed
it down to fewer commits but it would really make it harder to see
what's going on.
A note on terminology, since this is a source of confusion: a "FIPS
module" in NIST jargon means the binary blob submitted for FIPS
certification (i.e. typically the entire kernel), and has nothing to do
with kernel modules per se. However, in this proposal, the "FIPS module"
does actually also correspond to a singular kernel module, fips140.ko.
FIPS certifications validate a specific binary, not the source code used
to build it. Currently, most if not all distros submit the entire kernel
for certification, and the binary certification is invalidated if any
part of the kernel changes -- even if those changes are unrelated to
cryptography. Fortunately the FIPS process allows for vendors to "attest"
that the changes don't affect cryptographic operations within the kernel,
but the fact remains that the binary certification is technically
obsolete as soon as any bug or security fix is applied to the kernel.
This proposal attempts to separate the crypto part of the FIPS module
from the rest of the kernel. This allows us to freeze the binary FIPS
module and reuse it in newer versions of the kernel without invalidating
the certificate on the FIPS module.
There are a few different challenges in such a separation:
- The kernel has no stable internal API and the mere idea of having
stable internal APIs (or ABIs) has already been strongly rebuked.
In practice, most kernel APIs tend to be relatively stable over
multiple years and especially within stable releases, and most
general-purpose distros do freeze at least parts of the kernel API
for the lifetime of their product in order to support third party
(out-of-tree) modules.
- FIPS mandates that certified crypto code must not be used before
it has been self-tested, i.e. the FIPS module needs to run a set of
self-tests before it can be used by the rest of the kernel. Combined
with the fact that the kernel uses crypto code during boot (e.g. for
TPMs) and during module loading, this presents a chicken-and-egg
problem where crypto code cannot be used before it's loaded, but it
cannot be loaded without being used.
- The crypto API provides a way to combine basic algorithms into
composite algorithms, e.g. hmac + sha256 => hmac(sha256). In this
case, ALL of the code involved must be part of the FIPS module.
- Built-in kernel code (e.g. vmlinux code) may call the crypto API,
which means it cannot simply be built as a regular kernel module,
since you would get linker errors if the crypto API functions are
defined in modules.
This patch set provides a solution to all of the above challenges:
- We do not require the upstream kernel to maintain an internal stable
API. The API can change freely and the burden is entirely on
individual distros to ensure they don't change APIs in their own
kernels between two versions that are supposed to use the same binary
FIPS module.
- We build the individual crypto algorithms AND the entire kernel
crypto API into a single binary kernel module, fips140.ko. Using C
macros and the "static calls" mechanism, every crypto API entry point
is turned into a static call so that the entire crypto API can be
swapped out at runtime with the implementation from the FIPS module.
This solves the problem of crypto templates and composite algorithms,
since all the code necessary to use a composite algorithm will exist
within the FIPS module.
This also solves the problem of built-in code calling functions
provided by a module, since the callers are linked with the non-FIPS
versions of the functions by default, thus avoiding linker errors.
- fips140.ko is embedded into vmlinux as a byte array and loaded during
early boot to ensure all cryptographic operations are performed by
code from the FIPS module -- this also obviates the need to perform
module signature verification on fips140.ko, as everything in vmlinux
is already trusted by definition.
Moving on to the actual implementation, it should be noted that the
kernel already has a notion of FIPS compliance -- it has infrastructure
in place to annotate which algorithms are approved or allowed by NIST, for
example, and to ensure all implementations are self-tested before use. We
make use of this existing infrastructure to a large degree.
Here is an overview of the changes we make:
- We add a new top-level directory, fips140/, which mirrors the
structure of the kernel itself: fips140/crypto/, fips/lib/crypto,
etc. All of the source files here are symlinks to the respective
files in the kernel tree (e.g. fips140/crypto/rng.c is a symlink to
crypto/rng.c).
This way we can build the code twice without having to maintain a
separate copy of the source. Again, it will be the responsibility of
individual distros to ensure compatibility between their binary FIPS
module and the rest of the kernel.
- We add a new header, include/crypto/api.h, which defines a number of
C macro wrappers to annotate the part of the kernel crypto API that
is be considered part of the FIPS module.
A lot of the code under crypto/ needs to be converted to use these
macros. For example, instead of:
// in .h
int crypto_foo(const char *name);
// in .c
int crypto_foo(const char *name)
{
...
}
EXPORT_SYMBOL_GPL(crypto_foo);
You need to write:
// in .h
DECLARE_CRYPTO_API(crypto_foo, int, (const char *name), (name));
// in .c
int CRYPTO_API(crypto_foo)(const char *name)
{
...
}
DEFINE_CRYPTO_API(crypto_foo);
This is unfortunate as it generates a lot of churn and makes the code
harder to read. We've tried to make it as lightweight as possible.
On kernels configured to use a standalone FIPS module, these
definitions will do the work of declaring and defining static call
keys for every function. Otherwise, they will just fall back to their
original forms (plain functions + exports).
There are a few more helpers, for example module_init(fn) needs to be
written as crypto_module_init(fn). We could have chosen to #undef and
redefine module_init() so that no source-level change would be
necessary, but we considered that being explicit about what is going
on is actually clearer (less confusing) in the end, even if it
results in more patches/changes.
- We add a new helper function to the kernel's module loader,
load_module_mem(), which can load a kernel module (i.e. fips140.ko)
from a byte array.
- A new file, crypto/fips140-loader.c, which is a fairly thin wrapper
around load_module_mem(), only built when the kernel is compiled with
standalone FIPS module support.
- We also change the module loader to automatically update the static
calls of the crypto API (the static call keys are stored in the
__crypto_api_keys section of the module).
- The module and its HMAC are stored in two new sections in vmlinux,
__fips140_module and __fips140_digest. (The HMAC/digest is needed for
the FIPS module's own integrity test -- another FIPS requirement.)
This also makes it easy to extract the binary FIPS module from a
vmlinux file for offline/external verification if necessary.
- We change the crypto API slightly to track which templates and
algorithms are provided by the FIPS module. This ensures e.g. that
no other kernel module can register their own implementation of AES
and trick the kernel into supplying it as a FIPS approved and
certified implementation. Each 'struct crypto_alg' carries a new
flag which signals whether it is provided by the FIPS module or not.
To build this, you need to ensure CONFIG_CRYPTO_FIPS140_EXTMOD is
enabled and then run:
# prepare for building out-of-tree module
make modules_prepare
# build fips140.ko as an out-of-tree module
make M=fips140 KBUILD_MODPOST_WARN=1
# generate fips140.hmac
cp fips140/fips140.ko crypto/
openssl dgst -sha256 -hmac "$(awk -F'"' '/^CONFIG_CRYPTO_FIPS140_HMAC_KEY=/{print $2}' .config)" -binary -out crypto/fips140.hmac crypto/fips140.ko
# build the rest of the kernel
make
This patch set borrows a small amount of code from Android's FIPS
module and was also partly inspired by prototype code shared by Amazon;
attributions are marked in the individual patches.
Let me also thank all my colleagues who contributed in some way to the
current version of this patch set:
- Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
- Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
- Sherry Yang <sherry.yang@oracle.com>
- Sriharsha Yadagudde <sriharsha.devdas@oracle.com>
- Ilya Okomin <ilya.okomin@oracle.com>
- John Haxby <john.haxby@oracle.com>
- Jose Marchesi <jose.marchesi@oracle.com>
- Hunter Barton <hunter.barton@oracle.com>
- Aleksandr Burmashev <alexander.burmashev@oracle.com>
- Todd Vierling <todd.vierling@oracle.com>
- Chuck Anderson <chuck.anderson@oracle.com>
- Stephan Mueller <smueller@chronox.de>
I have pushed a branch here which I will maintain going forwards:
https://git.kernel.org/pub/scm/linux/kernel/git/vegard/linux-fips140.git/log/?h=fips140
Some of these patches are general improvements that could be useful
even without merging the whole branch, e.g. some of the testmgr
changes. I've put these at the start of the branch so they can be
applied independently -- depending on feedback here, I may send them
out as independent patches as well.
Vegard
--
Vegard Nossum (104):
params: use arch_initcall to initialize params sysfs earlier
Revert "Revert "crypto: shash - avoid comparing pointers to exported
functions under CFI""
crypto/jitterentropy: remove linux/fips.h include
crypto: api - Disallow identical template names
crypto: hide crypto_default_rng variable
KEYS: trusted: eat -ENOENT from the crypto API
testmgr: standardize alg/driver output in logs
arch/x86/boot/string.h: override memmove()/strlen()
certs/system_keyring: export restrict_link_by_builtin_*trusted
crypto/testmgr: make fips_allowed a bit set
crypto/testmgr: mark non-crypto algorithms
crypto/algapi: don't init algapi in fips mode
crypto/algapi.c: disable crypto_check_module_sig() for FIPS module
crypto/testmgr: add helper to alg_test()
crypto: pass struct crypto_alg directly to alg_test()
crypto: alg - add CRYPTO_ALG_FIPS_PROVIDED flag
crypto: testmgr: check that we got the expected alg
crypto: make sure crypto_alg_tested() finds the correct algorithm
module: add load_module_mem() helper
module: add a mechanism for pluggable crypto APIs
crypto: fips140: include crypto/api.h in a few places
crypto: fips140: convert lib/crypto/aes.c to using crypto API wrappers
crypto: fips140: convert lib/crypto/aesgcm.c to using crypto API
wrappers
crypto: fips140: convert lib/crypto/gf128mul.c to using crypto API
wrappers
crypto: fips140: convert lib/crypto/memneq.c to using crypto API
wrappers
crypto: fips140: convert lib/crypto/sha256.c to using crypto API
wrappers
crypto: fips140: convert lib/crypto/sha512.c to using crypto API
wrappers
crypto: fips140: convert lib/crypto/utils.c to using crypto API
wrappers
crypto: fips140: convert crypto/aead.c to using crypto API wrappers
crypto: fips140: convert crypto/aes_generic.c to using crypto API
wrappers
crypto: fips140: convert crypto/ahash.c to using crypto API wrappers
crypto: fips140: convert crypto/akcipher.c to using crypto API
wrappers
crypto: fips140: convert crypto/algapi.c to using crypto API wrappers
crypto: fips140: convert crypto/algboss.c to using crypto API wrappers
crypto: fips140: convert crypto/api.c to using crypto API wrappers
crypto: fips140: convert crypto/authenc.c to using crypto API wrappers
crypto: fips140: convert crypto/authencesn.c to using crypto API
wrappers
crypto: fips140: convert crypto/cbc.c to using crypto API wrappers
crypto: fips140: convert crypto/ccm.c to using crypto API wrappers
crypto: fips140: convert crypto/cipher.c to using crypto API wrappers
crypto: fips140: convert crypto/cmac.c to using crypto API wrappers
crypto: fips140: convert crypto/cryptd.c to using crypto API wrappers
crypto: fips140: convert crypto/ctr.c to using crypto API wrappers
crypto: fips140: convert crypto/dh.c to using crypto API wrappers
crypto: fips140: convert crypto/dh_helper.c to using crypto API
wrappers
crypto: fips140: convert crypto/drbg.c to using crypto API wrappers
crypto: fips140: convert crypto/ecb.c to using crypto API wrappers
crypto: fips140: convert crypto/ecc.c to using crypto API wrappers
crypto: fips140: convert crypto/ecdh.c to using crypto API wrappers
crypto: fips140: convert crypto/ecdh_helper.c to using crypto API
wrappers
crypto: fips140: convert crypto/ecdsa.c to using crypto API wrappers
crypto: fips140: convert crypto/echainiv.c to using crypto API
wrappers
crypto: fips140: convert crypto/essiv.c to using crypto API wrappers
crypto: fips140: convert crypto/gcm.c to using crypto API wrappers
crypto: fips140: convert crypto/geniv.c to using crypto API wrappers
crypto: fips140: convert crypto/ghash-generic.c to using crypto API
wrappers
crypto: fips140: convert crypto/hmac.c to using crypto API wrappers
crypto: fips140: convert crypto/jitterentropy-kcapi.c to using crypto
API wrappers
crypto: fips140: convert crypto/kpp.c to using crypto API wrappers
crypto: fips140: convert crypto/lskcipher.c to using crypto API
wrappers
crypto: fips140: convert crypto/pcrypt.c to using crypto API wrappers
crypto: fips140: convert crypto/rng.c to using crypto API wrappers
crypto: fips140: convert crypto/rsa.c to using crypto API wrappers
crypto: fips140: convert crypto/rsa_helper.c to using crypto API
wrappers
crypto: fips140: convert crypto/seqiv.c to using crypto API wrappers
crypto: fips140: convert crypto/sha1.c to using crypto API wrappers
crypto: fips140: convert crypto/sha256.c to using crypto API wrappers
crypto: fips140: convert crypto/sha3_generic.c to using crypto API
wrappers
crypto: fips140: convert crypto/sha512.c to using crypto API wrappers
crypto: fips140: convert crypto/shash.c to using crypto API wrappers
crypto: fips140: convert crypto/sig.c to using crypto API wrappers
crypto: fips140: convert crypto/simd.c to using crypto API wrappers
crypto: fips140: convert crypto/skcipher.c to using crypto API
wrappers
crypto: fips140: convert crypto/tcrypt.c to using crypto API wrappers
crypto: fips140: convert crypto/testmgr.c to using crypto API wrappers
crypto: fips140: convert crypto/xts.c to using crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/asymmetric_type.c to
using crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/pkcs7_key_type.c to
using crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/pkcs7_parser.c to
using crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/pkcs7_trust.c to using
crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/pkcs7_verify.c to
using crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/pkcs8_parser.c to
using crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/public_key.c to using
crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/selftest.c to using
crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/signature.c to using
crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/x509_cert_parser.c to
using crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/x509_loader.c to using
crypto API wrappers
crypto: fips140: convert crypto/asymmetric_keys/x509_public_key.c to
using crypto API wrappers
crypto: fips140: manual fixups for include/keys/asymmetric-type.h
crypto: fips140: manual fixups for include/crypto/sha2.h
crypto: fips140: manual fixups for include/crypto/public_key.h
crypto: fips140: manual fixups for include/crypto/aes.h
crypto: fips140: manual fixups for crypto/internal.h
crypto: fips140: manual fixups for include/crypto/internal/ecc.h
crypto: fips140: manual fixups for include/crypto/internal/rsa.h
crypto: fips140: manual fixups for include/crypto/aes.h
crypto: fips140: manual fixups for lib/crypto/sha256.c
crypto: fips140: manual fixups for lib/crypto/sha512.c
crypto: fips140: add symlinks to kernel sources
crypto: fips140: add standalone FIPS 140 module
crypto: fips140: add FIPS 140 module loader
scripts/extract-fips140: new script
Documentation/crypto: add fips140.rst
MAINTAINERS: add myself as FIPS140 standalone module maintainer
Documentation/crypto/fips140.rst | 231 ++++++
Documentation/crypto/index.rst | 1 +
MAINTAINERS | 10 +
arch/arm64/kernel/vmlinux.lds.S | 1 +
arch/x86/boot/string.h | 4 +
certs/system_keyring.c | 2 +
crypto/Kconfig | 2 +
crypto/Makefile | 24 +
crypto/aead.c | 48 +-
crypto/aes_generic.c | 8 +-
crypto/ahash.c | 108 +--
crypto/akcipher.c | 28 +-
crypto/algapi.c | 193 +++--
crypto/algboss.c | 36 +-
crypto/api.c | 76 +-
crypto/asymmetric_keys/asymmetric_type.c | 30 +-
crypto/asymmetric_keys/pkcs7_key_type.c | 5 +-
crypto/asymmetric_keys/pkcs7_parser.c | 12 +-
crypto/asymmetric_keys/pkcs7_trust.c | 4 +-
crypto/asymmetric_keys/pkcs7_verify.c | 8 +-
crypto/asymmetric_keys/pkcs8_parser.c | 4 +-
crypto/asymmetric_keys/public_key.c | 8 +-
crypto/asymmetric_keys/selftest.c | 2 +-
crypto/asymmetric_keys/signature.c | 12 +-
crypto/asymmetric_keys/x509_cert_parser.c | 12 +-
crypto/asymmetric_keys/x509_loader.c | 4 +-
crypto/asymmetric_keys/x509_parser.h | 15 +-
crypto/asymmetric_keys/x509_public_key.c | 4 +-
crypto/authenc.c | 8 +-
crypto/authencesn.c | 4 +-
crypto/cbc.c | 4 +-
crypto/ccm.c | 4 +-
crypto/cipher.c | 16 +-
crypto/cmac.c | 4 +-
crypto/cryptd.c | 58 +-
crypto/ctr.c | 4 +-
crypto/dh.c | 12 +-
crypto/dh_helper.c | 12 +-
crypto/drbg.c | 4 +-
crypto/ecb.c | 4 +-
crypto/ecc.c | 92 +--
crypto/ecdh.c | 4 +-
crypto/ecdh_helper.c | 12 +-
crypto/ecdsa.c | 4 +-
crypto/echainiv.c | 4 +-
crypto/essiv.c | 4 +-
crypto/fips140-api.c | 726 ++++++++++++++++++
crypto/fips140-loader.c | 96 +++
crypto/gcm.c | 4 +-
crypto/geniv.c | 20 +-
crypto/ghash-generic.c | 4 +-
crypto/hmac.c | 4 +-
crypto/internal.h | 103 ++-
crypto/jitterentropy-kcapi.c | 4 +-
crypto/jitterentropy.c | 3 +-
crypto/kpp.c | 24 +-
crypto/lskcipher.c | 44 +-
crypto/pcrypt.c | 4 +-
crypto/rng.c | 41 +-
crypto/rsa.c | 4 +-
crypto/rsa_helper.c | 8 +-
crypto/seqiv.c | 4 +-
crypto/sha1.c | 4 +-
crypto/sha256.c | 4 +-
crypto/sha3_generic.c | 8 +-
crypto/sha512.c | 4 +-
crypto/shash.c | 94 ++-
crypto/sig.c | 20 +-
crypto/simd.c | 24 +-
crypto/skcipher.c | 72 +-
crypto/tcrypt.c | 22 +-
crypto/testmgr.c | 419 ++++++----
crypto/xts.c | 4 +-
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +-
.../crypto/intel/keembay/keembay-ocs-ecc.c | 14 +-
fips140/Kconfig | 174 +++++
fips140/Makefile | 183 +++++
fips140/crypto/aead.c | 1 +
fips140/crypto/aes_generic.c | 1 +
fips140/crypto/ahash.c | 1 +
fips140/crypto/akcipher.c | 1 +
fips140/crypto/algapi.c | 1 +
fips140/crypto/algboss.c | 1 +
fips140/crypto/api.c | 1 +
.../crypto/asymmetric_keys/asymmetric_keys.h | 1 +
.../crypto/asymmetric_keys/asymmetric_type.c | 1 +
.../crypto/asymmetric_keys/mscode_parser.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7.asn1 | 1 +
.../crypto/asymmetric_keys/pkcs7_key_type.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7_parser.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7_parser.h | 1 +
fips140/crypto/asymmetric_keys/pkcs7_trust.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7_verify.c | 1 +
fips140/crypto/asymmetric_keys/pkcs8.asn1 | 1 +
fips140/crypto/asymmetric_keys/pkcs8_parser.c | 1 +
fips140/crypto/asymmetric_keys/public_key.c | 1 +
fips140/crypto/asymmetric_keys/restrict.c | 1 +
fips140/crypto/asymmetric_keys/selftest.c | 1 +
fips140/crypto/asymmetric_keys/selftest.h | 1 +
.../crypto/asymmetric_keys/selftest_ecdsa.c | 1 +
fips140/crypto/asymmetric_keys/selftest_rsa.c | 1 +
fips140/crypto/asymmetric_keys/signature.c | 1 +
.../crypto/asymmetric_keys/verify_pefile.c | 1 +
.../crypto/asymmetric_keys/verify_pefile.h | 1 +
fips140/crypto/asymmetric_keys/x509.asn1 | 1 +
fips140/crypto/asymmetric_keys/x509_akid.asn1 | 1 +
.../crypto/asymmetric_keys/x509_cert_parser.c | 1 +
fips140/crypto/asymmetric_keys/x509_loader.c | 1 +
fips140/crypto/asymmetric_keys/x509_parser.h | 1 +
.../crypto/asymmetric_keys/x509_public_key.c | 1 +
fips140/crypto/authenc.c | 1 +
fips140/crypto/authencesn.c | 1 +
fips140/crypto/cbc.c | 1 +
fips140/crypto/ccm.c | 1 +
fips140/crypto/cipher.c | 1 +
fips140/crypto/cmac.c | 1 +
fips140/crypto/cryptd.c | 1 +
fips140/crypto/ctr.c | 1 +
fips140/crypto/dh.c | 1 +
fips140/crypto/dh_helper.c | 1 +
fips140/crypto/drbg.c | 1 +
fips140/crypto/ecb.c | 1 +
fips140/crypto/ecc.c | 1 +
fips140/crypto/ecc_curve_defs.h | 1 +
fips140/crypto/ecdh.c | 1 +
fips140/crypto/ecdh_helper.c | 1 +
fips140/crypto/ecdsa-p1363.c | 1 +
fips140/crypto/ecdsa-x962.c | 1 +
fips140/crypto/ecdsa.c | 1 +
fips140/crypto/ecdsasignature.asn1 | 1 +
fips140/crypto/echainiv.c | 1 +
fips140/crypto/essiv.c | 1 +
fips140/crypto/gcm.c | 1 +
fips140/crypto/geniv.c | 1 +
fips140/crypto/ghash-generic.c | 1 +
fips140/crypto/hash.h | 1 +
fips140/crypto/hmac.c | 1 +
fips140/crypto/internal.h | 1 +
fips140/crypto/jitterentropy-kcapi.c | 1 +
fips140/crypto/jitterentropy.c | 1 +
fips140/crypto/jitterentropy.h | 1 +
fips140/crypto/kpp.c | 1 +
fips140/crypto/lskcipher.c | 1 +
fips140/crypto/pcrypt.c | 1 +
fips140/crypto/proc.c | 1 +
fips140/crypto/rng.c | 1 +
fips140/crypto/rsa-pkcs1pad.c | 1 +
fips140/crypto/rsa.c | 1 +
fips140/crypto/rsa_helper.c | 1 +
fips140/crypto/rsaprivkey.asn1 | 1 +
fips140/crypto/rsapubkey.asn1 | 1 +
fips140/crypto/rsassa-pkcs1.c | 1 +
fips140/crypto/seqiv.c | 1 +
fips140/crypto/sha256.c | 1 +
fips140/crypto/sha3_generic.c | 1 +
fips140/crypto/sha512.c | 1 +
fips140/crypto/shash.c | 1 +
fips140/crypto/sig.c | 1 +
fips140/crypto/simd.c | 1 +
fips140/crypto/skcipher.c | 1 +
fips140/crypto/skcipher.h | 1 +
fips140/crypto/tcrypt.c | 1 +
fips140/crypto/tcrypt.h | 1 +
fips140/crypto/testmgr.c | 1 +
fips140/crypto/testmgr.h | 1 +
fips140/crypto/xts.c | 1 +
fips140/fips140-glue.c | 216 ++++++
fips140/fips140.lds | 9 +
fips140/lib/crypto/aes.c | 1 +
fips140/lib/crypto/aesgcm.c | 1 +
fips140/lib/crypto/gf128mul.c | 1 +
fips140/lib/crypto/memneq.c | 1 +
fips140/lib/crypto/sha256.c | 1 +
fips140/lib/crypto/sha512.c | 1 +
fips140/lib/crypto/utils.c | 1 +
include/asm-generic/vmlinux.lds.h | 38 +-
include/crypto/aead.h | 26 +-
include/crypto/aes.h | 39 +-
include/crypto/akcipher.h | 18 +-
include/crypto/algapi.h | 125 ++-
include/crypto/api.h | 154 ++++
include/crypto/authenc.h | 6 +-
include/crypto/cryptd.h | 56 +-
include/crypto/dh.h | 14 +-
include/crypto/ecc_curve.h | 9 +-
include/crypto/ecdh.h | 14 +-
include/crypto/gcm.h | 19 +-
include/crypto/gf128mul.h | 29 +-
include/crypto/hash.h | 97 ++-
include/crypto/internal/aead.h | 28 +-
include/crypto/internal/akcipher.h | 21 +-
include/crypto/internal/cipher.h | 20 +-
include/crypto/internal/ecc.h | 101 ++-
include/crypto/internal/geniv.h | 14 +-
include/crypto/internal/hash.h | 120 ++-
include/crypto/internal/kpp.h | 21 +-
include/crypto/internal/rng.h | 21 +-
include/crypto/internal/rsa.h | 22 +-
include/crypto/internal/sig.h | 20 +-
include/crypto/internal/simd.h | 32 +-
include/crypto/internal/skcipher.h | 89 ++-
include/crypto/kpp.h | 9 +-
include/crypto/pkcs7.h | 31 +-
include/crypto/public_key.h | 32 +-
include/crypto/rng.h | 20 +-
include/crypto/sha2.h | 181 +++--
include/crypto/sha3.h | 5 +-
include/crypto/sig.h | 5 +-
include/crypto/skcipher.h | 56 +-
include/crypto/utils.h | 9 +-
include/keys/asymmetric-parser.h | 8 +-
include/keys/asymmetric-type.h | 39 +-
include/linux/crypto.h | 31 +-
include/linux/fips.h | 17 +
include/linux/module.h | 2 +
include/uapi/linux/module.h | 5 +
kernel/module/main.c | 121 ++-
kernel/params.c | 2 +-
lib/crypto/aes.c | 12 +-
lib/crypto/aesgcm.c | 16 +-
lib/crypto/gf128mul.c | 28 +-
lib/crypto/memneq.c | 4 +-
lib/crypto/sha256.c | 78 +-
lib/crypto/sha512.c | 78 +-
lib/crypto/utils.c | 4 +-
net/tipc/crypto.c | 8 +-
scripts/extract-fips140 | 53 ++
security/keys/trusted-keys/trusted_core.c | 18 +-
228 files changed, 4243 insertions(+), 1396 deletions(-)
create mode 100644 Documentation/crypto/fips140.rst
create mode 100644 crypto/fips140-api.c
create mode 100644 crypto/fips140-loader.c
create mode 100644 fips140/Kconfig
create mode 100644 fips140/Makefile
create mode 120000 fips140/crypto/aead.c
create mode 120000 fips140/crypto/aes_generic.c
create mode 120000 fips140/crypto/ahash.c
create mode 120000 fips140/crypto/akcipher.c
create mode 120000 fips140/crypto/algapi.c
create mode 120000 fips140/crypto/algboss.c
create mode 120000 fips140/crypto/api.c
create mode 120000 fips140/crypto/asymmetric_keys/asymmetric_keys.h
create mode 120000 fips140/crypto/asymmetric_keys/asymmetric_type.c
create mode 120000 fips140/crypto/asymmetric_keys/mscode_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7.asn1
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_key_type.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_parser.h
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_trust.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_verify.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs8.asn1
create mode 120000 fips140/crypto/asymmetric_keys/pkcs8_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/public_key.c
create mode 120000 fips140/crypto/asymmetric_keys/restrict.c
create mode 120000 fips140/crypto/asymmetric_keys/selftest.c
create mode 120000 fips140/crypto/asymmetric_keys/selftest.h
create mode 120000 fips140/crypto/asymmetric_keys/selftest_ecdsa.c
create mode 120000 fips140/crypto/asymmetric_keys/selftest_rsa.c
create mode 120000 fips140/crypto/asymmetric_keys/signature.c
create mode 120000 fips140/crypto/asymmetric_keys/verify_pefile.c
create mode 120000 fips140/crypto/asymmetric_keys/verify_pefile.h
create mode 120000 fips140/crypto/asymmetric_keys/x509.asn1
create mode 120000 fips140/crypto/asymmetric_keys/x509_akid.asn1
create mode 120000 fips140/crypto/asymmetric_keys/x509_cert_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/x509_loader.c
create mode 120000 fips140/crypto/asymmetric_keys/x509_parser.h
create mode 120000 fips140/crypto/asymmetric_keys/x509_public_key.c
create mode 120000 fips140/crypto/authenc.c
create mode 120000 fips140/crypto/authencesn.c
create mode 120000 fips140/crypto/cbc.c
create mode 120000 fips140/crypto/ccm.c
create mode 120000 fips140/crypto/cipher.c
create mode 120000 fips140/crypto/cmac.c
create mode 120000 fips140/crypto/cryptd.c
create mode 120000 fips140/crypto/ctr.c
create mode 120000 fips140/crypto/dh.c
create mode 120000 fips140/crypto/dh_helper.c
create mode 120000 fips140/crypto/drbg.c
create mode 120000 fips140/crypto/ecb.c
create mode 120000 fips140/crypto/ecc.c
create mode 120000 fips140/crypto/ecc_curve_defs.h
create mode 120000 fips140/crypto/ecdh.c
create mode 120000 fips140/crypto/ecdh_helper.c
create mode 120000 fips140/crypto/ecdsa-p1363.c
create mode 120000 fips140/crypto/ecdsa-x962.c
create mode 120000 fips140/crypto/ecdsa.c
create mode 120000 fips140/crypto/ecdsasignature.asn1
create mode 120000 fips140/crypto/echainiv.c
create mode 120000 fips140/crypto/essiv.c
create mode 120000 fips140/crypto/gcm.c
create mode 120000 fips140/crypto/geniv.c
create mode 120000 fips140/crypto/ghash-generic.c
create mode 120000 fips140/crypto/hash.h
create mode 120000 fips140/crypto/hmac.c
create mode 120000 fips140/crypto/internal.h
create mode 120000 fips140/crypto/jitterentropy-kcapi.c
create mode 120000 fips140/crypto/jitterentropy.c
create mode 120000 fips140/crypto/jitterentropy.h
create mode 120000 fips140/crypto/kpp.c
create mode 120000 fips140/crypto/lskcipher.c
create mode 120000 fips140/crypto/pcrypt.c
create mode 120000 fips140/crypto/proc.c
create mode 120000 fips140/crypto/rng.c
create mode 120000 fips140/crypto/rsa-pkcs1pad.c
create mode 120000 fips140/crypto/rsa.c
create mode 120000 fips140/crypto/rsa_helper.c
create mode 120000 fips140/crypto/rsaprivkey.asn1
create mode 120000 fips140/crypto/rsapubkey.asn1
create mode 120000 fips140/crypto/rsassa-pkcs1.c
create mode 120000 fips140/crypto/seqiv.c
create mode 120000 fips140/crypto/sha256.c
create mode 120000 fips140/crypto/sha3_generic.c
create mode 120000 fips140/crypto/sha512.c
create mode 120000 fips140/crypto/shash.c
create mode 120000 fips140/crypto/sig.c
create mode 120000 fips140/crypto/simd.c
create mode 120000 fips140/crypto/skcipher.c
create mode 120000 fips140/crypto/skcipher.h
create mode 120000 fips140/crypto/tcrypt.c
create mode 120000 fips140/crypto/tcrypt.h
create mode 120000 fips140/crypto/testmgr.c
create mode 120000 fips140/crypto/testmgr.h
create mode 120000 fips140/crypto/xts.c
create mode 100644 fips140/fips140-glue.c
create mode 100644 fips140/fips140.lds
create mode 120000 fips140/lib/crypto/aes.c
create mode 120000 fips140/lib/crypto/aesgcm.c
create mode 120000 fips140/lib/crypto/gf128mul.c
create mode 120000 fips140/lib/crypto/memneq.c
create mode 120000 fips140/lib/crypto/sha256.c
create mode 120000 fips140/lib/crypto/sha512.c
create mode 120000 fips140/lib/crypto/utils.c
create mode 100644 include/crypto/api.h
create mode 100755 scripts/extract-fips140
--
2.39.3
^ permalink raw reply [flat|nested] 115+ messages in thread
* [PATCH RFC 001/104] params: use arch_initcall to initialize params sysfs earlier
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 002/104] Revert "Revert "crypto: shash - avoid comparing pointers to exported functions under CFI"" Vegard Nossum
` (103 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
We need to load and initialize the FIPS module quite early in the boot
process, but in order to load modules we need to have params sysfs set
up. Bump it up a bit in the boot process.
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Petr Pavlu <petr.pavlu@suse.com>
Cc: Daniel Gomez <da.gomez@kernel.org>
Cc: Sami Tolvanen <samitolvanen@google.com>
Cc: linux-modules@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
kernel/params.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/params.c b/kernel/params.c
index b92d64161b75..03a55ff70bd8 100644
--- a/kernel/params.c
+++ b/kernel/params.c
@@ -971,7 +971,7 @@ static int __init param_sysfs_init(void)
return 0;
}
-subsys_initcall(param_sysfs_init);
+arch_initcall(param_sysfs_init);
/*
* param_sysfs_builtin_init - add sysfs version and parameter
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 002/104] Revert "Revert "crypto: shash - avoid comparing pointers to exported functions under CFI""
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 001/104] params: use arch_initcall to initialize params sysfs earlier Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 003/104] crypto/jitterentropy: remove linux/fips.h include Vegard Nossum
` (102 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Peter Zijlstra, Eric Biggers
This reverts commit c060e16ddb51a92b1f7fa84c628d287ea5799864.
For a standalone FIPS module we have the same issue as CFI: modules
won't get the same address for shash_no_setkey as the core kernel will.
A cleaner solution overall would probably be to simply use NULL when
there is no setkey and check for it as we do in most other areas of the
kernel. We can explore that later (or in later versions of this series).
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Sami Tolvanen <samitolvanen@google.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/shash.c | 18 +++++++++++++++---
include/crypto/internal/hash.h | 8 +-------
2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/crypto/shash.c b/crypto/shash.c
index 4721f5f134f4..d45d7ec83a8c 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -34,12 +34,24 @@ static inline bool crypto_shash_finup_max(struct crypto_shash *tfm)
CRYPTO_AHASH_ALG_FINUP_MAX;
}
-int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
- unsigned int keylen)
+static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
+ unsigned int keylen)
{
return -ENOSYS;
}
-EXPORT_SYMBOL_GPL(shash_no_setkey);
+
+/*
+ * Check whether an shash algorithm has a setkey function.
+ *
+ * For CFI compatibility, this must not be an inline function. This is because
+ * when CFI is enabled, modules won't get the same address for shash_no_setkey
+ * (if it were exported, which inlining would require) as the core kernel will.
+ */
+bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
+{
+ return alg->setkey != shash_no_setkey;
+}
+EXPORT_SYMBOL_GPL(crypto_shash_alg_has_setkey);
static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
{
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index 6ec5f2f37ccb..e39456de57e4 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -92,13 +92,7 @@ int ahash_register_instance(struct crypto_template *tmpl,
struct ahash_instance *inst);
void ahash_free_singlespawn_instance(struct ahash_instance *inst);
-int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
- unsigned int keylen);
-
-static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
-{
- return alg->setkey != shash_no_setkey;
-}
+bool crypto_shash_alg_has_setkey(struct shash_alg *alg);
bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 003/104] crypto/jitterentropy: remove linux/fips.h include
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 001/104] params: use arch_initcall to initialize params sysfs earlier Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 002/104] Revert "Revert "crypto: shash - avoid comparing pointers to exported functions under CFI"" Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 004/104] crypto: api - Disallow identical template names Vegard Nossum
` (101 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
crypto/jitterentropy.c is deliberately compiled with -O0 and is not
supposed to depend on any kernel headers (see commit dfc9fa91938b
"crypto: jitterentropy - avoid compiler warnings").
We'll be changing include/linux/fips.h later in this series to include
other headers which break the build of jitterentropy.c due to gcc not
being able to constant propagate under -O0.
Just forward declare fips_enabled, which is the only thing
jitterentropy.o needs from this header anyway.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/jitterentropy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c
index 3f93cdc9a7af..d939f57667dd 100644
--- a/crypto/jitterentropy.c
+++ b/crypto/jitterentropy.c
@@ -146,10 +146,11 @@ struct rand_data {
#define JENT_ENTROPY_SAFETY_FACTOR 64
#include <linux/array_size.h>
-#include <linux/fips.h>
#include <linux/minmax.h>
#include "jitterentropy.h"
+extern int fips_enabled;
+
/***************************************************************************
* Adaptive Proportion Test
*
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 004/104] crypto: api - Disallow identical template names
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (2 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 003/104] crypto/jitterentropy: remove linux/fips.h include Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 005/104] crypto: hide crypto_default_rng variable Vegard Nossum
` (100 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Ovidiu Panait
Disallow registration of two templates with identical names. This
normally does not occur naturally but results in very confusing
behaviour when it does.
This is similar in spirit to commit 27016f75f5ed47e2d8e
("crypto: api - Disallow identical driver names").
Cc: Ovidiu Panait <ovidiu.panait@windriver.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algapi.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index e604d0d8b7b4..e11b8fdb0865 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -546,6 +546,12 @@ int crypto_register_template(struct crypto_template *tmpl)
crypto_check_module_sig(tmpl->module);
list_for_each_entry(q, &crypto_template_list, list) {
+ /*
+ * If we find a template already registered with the same
+ * name, refuse to register a new one.
+ */
+ if (!strcmp(q->name, tmpl->name))
+ goto out;
if (q == tmpl)
goto out;
}
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 005/104] crypto: hide crypto_default_rng variable
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (3 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 004/104] crypto: api - Disallow identical template names Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-11 5:48 ` Herbert Xu
2025-09-04 15:50 ` [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API Vegard Nossum
` (99 subsequent siblings)
104 siblings, 1 reply; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Sriharsha Yadagudde
De-globalize crypto_default_rng and make it accessible only through the
crypto_get_default_rng()/crypto_put_default_rng() API instead. The users
need to call these functions anyway so there is really no point in
having it as a global.
I opted to take double pointers as arguments (and return an error code)
so we can do basic API misuse checking.
Reported-by: Sriharsha Yadagudde <sriharsha.devdas@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/dh.c | 8 ++++----
crypto/ecc.c | 8 ++++----
crypto/geniv.c | 8 ++++----
crypto/rng.c | 9 +++++----
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 ++++----
drivers/crypto/intel/keembay/keembay-ocs-ecc.c | 14 ++++++++------
include/crypto/rng.h | 6 ++----
net/tipc/crypto.c | 8 ++++----
8 files changed, 35 insertions(+), 34 deletions(-)
diff --git a/crypto/dh.c b/crypto/dh.c
index 8250eeeebd0f..1d80213574b3 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -352,6 +352,7 @@ static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime,
{
unsigned int n, oversampling_size;
__be64 *key;
+ struct crypto_rng *rng;
int err;
u64 h, o;
@@ -389,12 +390,11 @@ static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime,
* random bits and interpret them as a big endian integer.
*/
err = -EFAULT;
- if (crypto_get_default_rng())
+ if (crypto_get_default_rng(&rng))
goto out_err;
- err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)key,
- oversampling_size);
- crypto_put_default_rng();
+ err = crypto_rng_get_bytes(rng, (u8 *)key, oversampling_size);
+ crypto_put_default_rng(&rng);
if (err)
goto out_err;
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 6cf9a945fc6c..c9f82626177b 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1525,6 +1525,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
const struct ecc_curve *curve = ecc_get_curve(curve_id);
unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
unsigned int nbits = vli_num_bits(curve->n, ndigits);
+ struct crypto_rng *rng;
int err;
/*
@@ -1545,13 +1546,12 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
* This condition is met by the default RNG because it selects a favored
* DRBG with a security strength of 256.
*/
- if (crypto_get_default_rng())
+ if (crypto_get_default_rng(&rng))
return -EFAULT;
/* Step 3: obtain N returned_bits from the DRBG. */
- err = crypto_rng_get_bytes(crypto_default_rng,
- (u8 *)private_key, nbytes);
- crypto_put_default_rng();
+ err = crypto_rng_get_bytes(rng, (u8 *)private_key, nbytes);
+ crypto_put_default_rng(&rng);
if (err)
return err;
diff --git a/crypto/geniv.c b/crypto/geniv.c
index 42eff6a7387c..0b18240ac813 100644
--- a/crypto/geniv.c
+++ b/crypto/geniv.c
@@ -109,18 +109,18 @@ int aead_init_geniv(struct crypto_aead *aead)
{
struct aead_geniv_ctx *ctx = crypto_aead_ctx(aead);
struct aead_instance *inst = aead_alg_instance(aead);
+ struct crypto_rng *rng;
struct crypto_aead *child;
int err;
spin_lock_init(&ctx->lock);
- err = crypto_get_default_rng();
+ err = crypto_get_default_rng(&rng);
if (err)
goto out;
- err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
- crypto_aead_ivsize(aead));
- crypto_put_default_rng();
+ err = crypto_rng_get_bytes(rng, ctx->salt, crypto_aead_ivsize(aead));
+ crypto_put_default_rng(&rng);
if (err)
goto out;
diff --git a/crypto/rng.c b/crypto/rng.c
index b8ae6ebc091d..2a246e1a0918 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -24,8 +24,7 @@
#include "internal.h"
static DEFINE_MUTEX(crypto_default_rng_lock);
-struct crypto_rng *crypto_default_rng;
-EXPORT_SYMBOL_GPL(crypto_default_rng);
+static struct crypto_rng *crypto_default_rng;
static int crypto_default_rng_refcnt;
int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
@@ -107,7 +106,7 @@ struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask)
}
EXPORT_SYMBOL_GPL(crypto_alloc_rng);
-int crypto_get_default_rng(void)
+int crypto_get_default_rng(struct crypto_rng **result)
{
struct crypto_rng *rng;
int err;
@@ -128,6 +127,7 @@ int crypto_get_default_rng(void)
crypto_default_rng = rng;
}
+ *result = crypto_default_rng;
crypto_default_rng_refcnt++;
err = 0;
@@ -138,9 +138,10 @@ int crypto_get_default_rng(void)
}
EXPORT_SYMBOL_GPL(crypto_get_default_rng);
-void crypto_put_default_rng(void)
+void crypto_put_default_rng(struct crypto_rng **rng)
{
mutex_lock(&crypto_default_rng_lock);
+ *rng = NULL;
crypto_default_rng_refcnt--;
mutex_unlock(&crypto_default_rng_lock);
}
diff --git a/drivers/crypto/hisilicon/hpre/hpre_crypto.c b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
index 1550c3818383..48872721214c 100644
--- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c
+++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
@@ -1380,17 +1380,17 @@ static bool hpre_key_is_zero(char *key, unsigned short key_sz)
static int ecdh_gen_privkey(struct hpre_ctx *ctx, struct ecdh *params)
{
struct device *dev = ctx->dev;
+ struct crypto_rng *rng;
int ret;
- ret = crypto_get_default_rng();
+ ret = crypto_get_default_rng(&rng);
if (ret) {
dev_err(dev, "failed to get default rng, ret = %d!\n", ret);
return ret;
}
- ret = crypto_rng_get_bytes(crypto_default_rng, (u8 *)params->key,
- params->key_size);
- crypto_put_default_rng();
+ ret = crypto_rng_get_bytes(rng, (u8 *)params->key, params->key_size);
+ crypto_put_default_rng(&rng);
if (ret)
dev_err(dev, "failed to get rng, ret = %d!\n", ret);
diff --git a/drivers/crypto/intel/keembay/keembay-ocs-ecc.c b/drivers/crypto/intel/keembay/keembay-ocs-ecc.c
index 59308926399d..a79e6549740f 100644
--- a/drivers/crypto/intel/keembay/keembay-ocs-ecc.c
+++ b/drivers/crypto/intel/keembay/keembay-ocs-ecc.c
@@ -223,6 +223,7 @@ static int kmb_ecc_point_mult(struct ocs_ecc_dev *ecc_dev,
u64 *scalar,
const struct ecc_curve *curve)
{
+ struct crypto_rng *rng;
u8 sca[KMB_ECC_VLI_MAX_BYTES]; /* Use the maximum data size. */
u32 op_size = (curve->g.ndigits > ECC_CURVE_NIST_P256_DIGITS) ?
OCS_ECC_OP_SIZE_384 : OCS_ECC_OP_SIZE_256;
@@ -230,12 +231,12 @@ static int kmb_ecc_point_mult(struct ocs_ecc_dev *ecc_dev,
int rc = 0;
/* Generate random nbytes for Simple and Differential SCA protection. */
- rc = crypto_get_default_rng();
+ rc = crypto_get_default_rng(&rng);
if (rc)
return rc;
- rc = crypto_rng_get_bytes(crypto_default_rng, sca, nbytes);
- crypto_put_default_rng();
+ rc = crypto_rng_get_bytes(rng, sca, nbytes);
+ crypto_put_default_rng(&rng);
if (rc)
return rc;
@@ -490,6 +491,7 @@ static int kmb_ecc_is_key_valid(const struct ecc_curve *curve,
*/
static int kmb_ecc_gen_privkey(const struct ecc_curve *curve, u64 *privkey)
{
+ struct crypto_rng *rng;
size_t nbytes = digits_to_bytes(curve->g.ndigits);
u64 priv[KMB_ECC_VLI_MAX_DIGITS];
size_t nbits;
@@ -512,11 +514,11 @@ static int kmb_ecc_gen_privkey(const struct ecc_curve *curve, u64 *privkey)
* This condition is met by the default RNG because it selects a favored
* DRBG with a security strength of 256.
*/
- if (crypto_get_default_rng())
+ if (crypto_get_default_rng(&rng))
return -EFAULT;
- rc = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
- crypto_put_default_rng();
+ rc = crypto_rng_get_bytes(rng, (u8 *)priv, nbytes);
+ crypto_put_default_rng(&rng);
if (rc)
goto cleanup;
diff --git a/include/crypto/rng.h b/include/crypto/rng.h
index f8224cc390f8..816f255adcd3 100644
--- a/include/crypto/rng.h
+++ b/include/crypto/rng.h
@@ -57,10 +57,8 @@ struct crypto_rng {
struct crypto_tfm base;
};
-extern struct crypto_rng *crypto_default_rng;
-
-int crypto_get_default_rng(void);
-void crypto_put_default_rng(void);
+int crypto_get_default_rng(struct crypto_rng **rng);
+void crypto_put_default_rng(struct crypto_rng **rng);
/**
* DOC: Random number generator API
diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
index ea5bb131ebd0..6b085fd383b0 100644
--- a/net/tipc/crypto.c
+++ b/net/tipc/crypto.c
@@ -368,13 +368,13 @@ int tipc_aead_key_validate(struct tipc_aead_key *ukey, struct genl_info *info)
static int tipc_aead_key_generate(struct tipc_aead_key *skey)
{
int rc = 0;
+ struct crypto_rng *rng;
/* Fill the key's content with a random value via RNG cipher */
- rc = crypto_get_default_rng();
+ rc = crypto_get_default_rng(&rng);
if (likely(!rc)) {
- rc = crypto_rng_get_bytes(crypto_default_rng, skey->key,
- skey->keylen);
- crypto_put_default_rng();
+ rc = crypto_rng_get_bytes(rng, skey->key, skey->keylen);
+ crypto_put_default_rng(&rng);
}
return rc;
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (4 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 005/104] crypto: hide crypto_default_rng variable Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 20:22 ` Linus Torvalds
2025-09-04 15:50 ` [PATCH RFC 007/104] testmgr: standardize alg/driver output in logs Vegard Nossum
` (98 subsequent siblings)
104 siblings, 1 reply; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Vijaykumar Hegde, Sriharsha Yadagudde, Sumit Garg,
Jarkko Sakkinen, Linus Torvalds
If we have a config with:
CONFIG_TRUSTED_KEYS=m
CONFIG_TRUSTED_KEYS_TPM=y
CONFIG_DM_CRYPT=m
then dm-crypt.ko will depend on trusted.ko (due to using the exported
symbol 'key_type_trusted'), meaning trusted.ko will need to successfully
load before dm-crypt.ko can load.
However, since commit 9d50a25eeb05c ("crypto: testmgr - desupport SHA-1
for FIPS 140") when booting with fips=1, the SHA-1 algorithm (or anything
that uses it, like HMAC-SHA-1) will be unavailable.
security/keys/trusted-keys/trusted_tpm1.c is hard-coded to use SHA-1 and
will fail with -ENOENT when attempting to initialize the hash instance
using the crypto API _if_ the hardware is available. This in turn causes
the entire trusted.ko to fail to load.
(If TPM1 hardware is not available, trusted_tpm1.c will fail to load with
-ENODEV, which is handled in init_trusted() to allow the module to load
anyway.)
Long story short, having TPM1 hardware and booting with fips=1 will cause
dm-crypt to fail loading, even though SHA-1 may not actually be used or
needed at any point.
There's already some history of fiddling with the module init/exit code
and the return values here, but I think we can simplify the code somewhat:
- return immediately on success; there is no point in breaking out of the
loop and rechecking the return value
- return immediately on non-ENODEV/ENOENT errors; again, no point in
rechecking the return value
We could even consider retrying other trusted key sources regardless of
the exact error value, but that would change the semantics too much for
my comfort here.
Reported-by: Vijaykumar Hegde <vijaykumar.hegde@oracle.com>
Reported-by: Sriharsha Yadagudde <sriharsha.devdas@oracle.com>
Fixes: 9d50a25eeb05c ("crypto: testmgr - desupport SHA-1 for FIPS 140")
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/linux-integrity/CAHk-=whOPoLaWM8S8GgoOPT7a2+nMH5h3TLKtn=R_3w4R1_Uvg@mail.gmail.com/
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
security/keys/trusted-keys/trusted_core.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index e2d9644efde1..152832735bac 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -370,20 +370,22 @@ static int __init init_trusted(void)
trusted_key_exit = trusted_key_sources[i].ops->exit;
migratable = trusted_key_sources[i].ops->migratable;
+ return 0;
}
- if (!ret || ret != -ENODEV)
- break;
+ /*
+ * The crypto API returns -ENOENT if it doesn't support a
+ * given hashing algorithm (e.g. SHA1 in FIPS mode).
+ */
+ if (ret != -ENODEV && ret != -ENOENT)
+ return ret;
}
/*
- * encrypted_keys.ko depends on successful load of this module even if
- * trusted key implementation is not found.
+ * encrypted_keys.ko and dm-crypt depend on successful load of
+ * this module even if trusted key implementation is not found.
*/
- if (ret == -ENODEV)
- return 0;
-
- return ret;
+ return 0;
}
static void __exit cleanup_trusted(void)
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 007/104] testmgr: standardize alg/driver output in logs
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (5 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 008/104] arch/x86/boot/string.h: override memmove()/strlen() Vegard Nossum
` (97 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
The crypto code prints log messages with algorithm name and driver name
in multiple places, usually as "$alg ($driver)", but sometimes as
"$driver ($alg)", which is confusing.
To remove all ambiguity, standardize on "$alg (driver $driver)".
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/testmgr.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index ee33ba21ae2b..47764fc879bb 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5753,7 +5753,7 @@ static int alg_find_test(const char *alg)
static int alg_fips_disabled(const char *driver, const char *alg)
{
- pr_info("alg: %s (%s) is disabled due to FIPS\n", alg, driver);
+ pr_info("alg: %s (driver %s) is disabled due to FIPS\n", alg, driver);
return -ECANCELED;
}
@@ -5814,18 +5814,18 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (rc) {
if (fips_enabled) {
fips_fail_notify();
- panic("alg: self-tests for %s (%s) failed in fips mode!\n",
- driver, alg);
+ panic("alg: self-tests for %s (driver %s) failed in fips mode!\n",
+ alg, driver);
}
- pr_warn("alg: self-tests for %s using %s failed (rc=%d)",
+ pr_warn("alg: self-tests for %s (driver %s) failed (rc=%d)",
alg, driver, rc);
WARN(rc != -ENOENT,
- "alg: self-tests for %s using %s failed (rc=%d)",
+ "alg: self-tests for %s (driver %s) failed (rc=%d)",
alg, driver, rc);
} else {
if (fips_enabled)
- pr_info("alg: self-tests for %s (%s) passed\n",
- driver, alg);
+ pr_info("alg: self-tests for %s (driver %s) passed\n",
+ alg, driver);
}
return rc;
@@ -5850,7 +5850,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
}
notest2:
- printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
+ printk(KERN_INFO "alg: No test for %s (driver %s)\n", alg, driver);
if (type & CRYPTO_ALG_FIPS_INTERNAL)
return alg_fips_disabled(driver, alg);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 008/104] arch/x86/boot/string.h: override memmove()/strlen()
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (6 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 007/104] testmgr: standardize alg/driver output in logs Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 009/104] certs/system_keyring: export restrict_link_by_builtin_*trusted Vegard Nossum
` (96 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Vivek Goyal, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, x86, H. Peter Anvin
arch/x86/boot/string.h defines string functions used by
arch/x86/purgatory/purgatory.c. Other headers used by this file may
pull in existing definitions of memmove() and strlen(), so extend the
overrides to these macros/functions as well.
(This is needed as purgatory uses crypto functions which pull in other
headers that I am changing in this patch series and causing errors.)
We might consider simply moving all of this into purgatory.c after all
the #includes to avoid similar issues in the future.
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: x86@kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
arch/x86/boot/string.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/boot/string.h b/arch/x86/boot/string.h
index a5b05ebc037d..ac25100183bc 100644
--- a/arch/x86/boot/string.h
+++ b/arch/x86/boot/string.h
@@ -4,6 +4,7 @@
/* Undef any of these macros coming from string_32.h. */
#undef memcpy
+#undef memmove
#undef memset
#undef memcmp
@@ -15,9 +16,12 @@ int bcmp(const void *s1, const void *s2, size_t len);
/* Access builtin version by default. */
#define memcpy(d,s,l) __builtin_memcpy(d,s,l)
+#define memmove(d,s,l) __builtin_memmove(d,s,l)
#define memset(d,c,l) __builtin_memset(d,c,l)
#define memcmp __builtin_memcmp
+#undef strlen
+
extern int strcmp(const char *str1, const char *str2);
extern int strncmp(const char *cs, const char *ct, size_t count);
extern size_t strlen(const char *s);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 009/104] certs/system_keyring: export restrict_link_by_builtin_*trusted
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (7 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 008/104] arch/x86/boot/string.h: override memmove()/strlen() Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 010/104] crypto/testmgr: make fips_allowed a bit set Vegard Nossum
` (95 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
David Howells, David Woodhouse, keyrings
This allows us to call these functions from modules, specifically
the standalone FIPS module (which we're adding support for in this patch
series).
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
certs/system_keyring.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 9de610bf1f4b..b9a882b627b4 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -50,6 +50,7 @@ int restrict_link_by_builtin_trusted(struct key *dest_keyring,
return restrict_link_by_signature(dest_keyring, type, payload,
builtin_trusted_keys);
}
+EXPORT_SYMBOL_GPL(restrict_link_by_builtin_trusted);
/**
* restrict_link_by_digsig_builtin - Restrict digitalSignature key additions by the built-in keyring
@@ -102,6 +103,7 @@ int restrict_link_by_builtin_and_secondary_trusted(
return restrict_link_by_signature(dest_keyring, type, payload,
secondary_trusted_keys);
}
+EXPORT_SYMBOL_GPL(restrict_link_by_builtin_and_secondary_trusted);
/**
* restrict_link_by_digsig_builtin_and_secondary - Restrict by digitalSignature.
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 010/104] crypto/testmgr: make fips_allowed a bit set
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (8 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 009/104] certs/system_keyring: export restrict_link_by_builtin_*trusted Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 011/104] crypto/testmgr: mark non-crypto algorithms Vegard Nossum
` (94 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
We'd like to distinguish between algorithms that are allowed by FIPS
due to being approved and algorithms that are allowed by FIPS due to
being non-cryptographic in nature (despite using the kernel's crypto
API).
Replace "1" with a named constant, FIPS_ALLOWED.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/testmgr.c | 218 ++++++++++++++++++++++++-----------------------
1 file changed, 112 insertions(+), 106 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 47764fc879bb..4ca54cf6e244 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -142,12 +142,18 @@ struct kpp_test_suite {
unsigned int count;
};
+/*
+ * Allowed algorithms are those which can exist inside a
+ * cryptographic module without making the module non-compliant
+ */
+#define FIPS_ALLOWED 1
+
struct alg_test_desc {
const char *alg;
const char *generic_driver;
int (*test)(const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask);
- int fips_allowed; /* set if alg is allowed in fips mode */
+ int fips_allowed; /* see FIPS_* constants above */
union {
struct aead_test_suite aead;
@@ -4234,7 +4240,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "authenc(hmac(sha256),cbc(aes))",
.generic_driver = "authenc(hmac-sha256-lib,cbc(aes-generic))",
.test = alg_test_aead,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.aead = __VECS(hmac_sha256_aes_cbc_tv_temp)
}
@@ -4255,7 +4261,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "authenc(hmac(sha256),ctr(aes))",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "authenc(hmac(sha256),cts(cbc(aes)))",
.generic_driver = "authenc(hmac-sha256-lib,cts(cbc(aes-generic)))",
@@ -4266,7 +4272,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "authenc(hmac(sha384),cbc(des))",
.generic_driver = "authenc(hmac-sha384-lib,cbc(des-generic))",
@@ -4284,7 +4290,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "authenc(hmac(sha384),ctr(aes))",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "authenc(hmac(sha384),cts(cbc(aes)))",
.generic_driver = "authenc(hmac-sha384-lib,cts(cbc(aes-generic)))",
@@ -4295,11 +4301,11 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "authenc(hmac(sha512),cbc(aes))",
.generic_driver = "authenc(hmac-sha512-lib,cbc(aes-generic))",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_aead,
.suite = {
.aead = __VECS(hmac_sha512_aes_cbc_tv_temp)
@@ -4321,11 +4327,11 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "authenc(hmac(sha512),ctr(aes))",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "blake2b-160",
.test = alg_test_hash,
@@ -4357,7 +4363,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "cbc(aes)",
.test = alg_test_skcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.cipher = __VECS(aes_cbc_tv_template)
},
@@ -4415,7 +4421,7 @@ static const struct alg_test_desc alg_test_descs[] = {
*/
.alg = "cbc(paes)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
/* Same as cbc(sm4) except the key is stored in
* hardware secure memory which we reference by index
@@ -4443,7 +4449,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
.alg = "cbc-paes-s390",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(aes_cbc_tv_template)
@@ -4465,7 +4471,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "ccm(aes)",
.generic_driver = "ccm_base(ctr(aes-generic),cbcmac(aes-generic))",
.test = alg_test_aead,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.aead = {
____VECS(aes_ccm_tv_template),
@@ -4490,7 +4496,7 @@ static const struct alg_test_desc alg_test_descs[] = {
},
}, {
.alg = "cmac(aes)",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_hash,
.suite = {
.hash = __VECS(aes_cmac128_tv_template)
@@ -4517,7 +4523,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "crc32",
.generic_driver = "crc32-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(crc32_tv_template)
}
@@ -4525,14 +4531,14 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "crc32c",
.generic_driver = "crc32c-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(crc32c_tv_template)
}
}, {
.alg = "ctr(aes)",
.test = alg_test_skcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.cipher = __VECS(aes_ctr_tv_template)
}
@@ -4584,7 +4590,7 @@ static const struct alg_test_desc alg_test_descs[] = {
*/
.alg = "ctr(paes)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
/* Same as ctr(sm4) except the key is stored in
@@ -4613,7 +4619,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
.alg = "ctr-paes-s390",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(aes_ctr_tv_template)
@@ -4622,7 +4628,7 @@ static const struct alg_test_desc alg_test_descs[] = {
#endif
.alg = "cts(cbc(aes))",
.test = alg_test_skcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.cipher = __VECS(cts_mode_tv_template)
}
@@ -4632,7 +4638,7 @@ static const struct alg_test_desc alg_test_descs[] = {
*/
.alg = "cts(cbc(paes))",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "cts(cbc(sm4))",
.test = alg_test_skcipher,
@@ -4648,7 +4654,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "deflate",
.test = alg_test_comp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.comp = {
.comp = __VECS(deflate_comp_tv_template),
@@ -4658,7 +4664,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "deflate-iaa",
.test = alg_test_comp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.comp = {
.comp = __VECS(deflate_comp_tv_template),
@@ -4677,28 +4683,28 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "drbg_nopr_ctr_aes128",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
}
}, {
.alg = "drbg_nopr_ctr_aes192",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
}
}, {
.alg = "drbg_nopr_ctr_aes256",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
}
}, {
.alg = "drbg_nopr_hmac_sha256",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
}
@@ -4709,18 +4715,18 @@ static const struct alg_test_desc alg_test_descs[] = {
*/
.alg = "drbg_nopr_hmac_sha384",
.test = alg_test_null,
- .fips_allowed = 1
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "drbg_nopr_hmac_sha512",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_nopr_hmac_sha512_tv_template)
}
}, {
.alg = "drbg_nopr_sha256",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_nopr_sha256_tv_template)
}
@@ -4728,31 +4734,31 @@ static const struct alg_test_desc alg_test_descs[] = {
/* covered by drbg_nopr_sha256 test */
.alg = "drbg_nopr_sha384",
.test = alg_test_null,
- .fips_allowed = 1
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "drbg_nopr_sha512",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_null,
}, {
.alg = "drbg_pr_ctr_aes128",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
}
}, {
/* covered by drbg_pr_ctr_aes128 test */
.alg = "drbg_pr_ctr_aes192",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_null,
}, {
.alg = "drbg_pr_ctr_aes256",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_null,
}, {
.alg = "drbg_pr_hmac_sha256",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
}
@@ -4760,15 +4766,15 @@ static const struct alg_test_desc alg_test_descs[] = {
/* covered by drbg_pr_hmac_sha256 test */
.alg = "drbg_pr_hmac_sha384",
.test = alg_test_null,
- .fips_allowed = 1
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "drbg_pr_hmac_sha512",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "drbg_pr_sha256",
.test = alg_test_drbg,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.drbg = __VECS(drbg_pr_sha256_tv_template)
}
@@ -4776,15 +4782,15 @@ static const struct alg_test_desc alg_test_descs[] = {
/* covered by drbg_pr_sha256 test */
.alg = "drbg_pr_sha384",
.test = alg_test_null,
- .fips_allowed = 1
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "drbg_pr_sha512",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_null,
}, {
.alg = "ecb(aes)",
.test = alg_test_skcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.cipher = __VECS(aes_tv_template)
}
@@ -4834,7 +4840,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecb(cipher_null)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "ecb(des)",
.test = alg_test_skcipher,
@@ -4868,7 +4874,7 @@ static const struct alg_test_desc alg_test_descs[] = {
*/
.alg = "ecb(paes)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "ecb(seed)",
.test = alg_test_skcipher,
@@ -4914,7 +4920,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
.alg = "ecb-paes-s390",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(aes_tv_template)
@@ -4929,14 +4935,14 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdh-nist-p256",
.test = alg_test_kpp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.kpp = __VECS(ecdh_p256_tv_template)
}
}, {
.alg = "ecdh-nist-p384",
.test = alg_test_kpp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.kpp = __VECS(ecdh_p384_tv_template)
}
@@ -4949,21 +4955,21 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdsa-nist-p256",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(ecdsa_nist_p256_tv_template)
}
}, {
.alg = "ecdsa-nist-p384",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(ecdsa_nist_p384_tv_template)
}
}, {
.alg = "ecdsa-nist-p521",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(ecdsa_nist_p521_tv_template)
}
@@ -4977,7 +4983,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "essiv(authenc(hmac(sha256),cbc(aes)),sha256)",
.generic_driver = "essiv(authenc(hmac-sha256-lib,cbc(aes-generic)),sha256-lib)",
.test = alg_test_aead,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.aead = __VECS(essiv_hmac_sha256_aes_cbc_tv_temp)
}
@@ -4985,7 +4991,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "essiv(cbc(aes),sha256)",
.generic_driver = "essiv(cbc(aes-generic),sha256-lib)",
.test = alg_test_skcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.cipher = __VECS(essiv_aes_cbc_tv_template)
}
@@ -4993,35 +4999,35 @@ static const struct alg_test_desc alg_test_descs[] = {
#if IS_ENABLED(CONFIG_CRYPTO_DH_RFC7919_GROUPS)
.alg = "ffdhe2048(dh)",
.test = alg_test_kpp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.kpp = __VECS(ffdhe2048_dh_tv_template)
}
}, {
.alg = "ffdhe3072(dh)",
.test = alg_test_kpp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.kpp = __VECS(ffdhe3072_dh_tv_template)
}
}, {
.alg = "ffdhe4096(dh)",
.test = alg_test_kpp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.kpp = __VECS(ffdhe4096_dh_tv_template)
}
}, {
.alg = "ffdhe6144(dh)",
.test = alg_test_kpp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.kpp = __VECS(ffdhe6144_dh_tv_template)
}
}, {
.alg = "ffdhe8192(dh)",
.test = alg_test_kpp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.kpp = __VECS(ffdhe8192_dh_tv_template)
}
@@ -5030,7 +5036,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "gcm(aes)",
.generic_driver = "gcm_base(ctr(aes-generic),ghash-generic)",
.test = alg_test_aead,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.aead = __VECS(aes_gcm_tv_template)
}
@@ -5085,7 +5091,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "hmac(sha224)",
.generic_driver = "hmac-sha224-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha224_tv_template)
}
@@ -5093,35 +5099,35 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "hmac(sha256)",
.generic_driver = "hmac-sha256-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha256_tv_template)
}
}, {
.alg = "hmac(sha3-224)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha3_224_tv_template)
}
}, {
.alg = "hmac(sha3-256)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha3_256_tv_template)
}
}, {
.alg = "hmac(sha3-384)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha3_384_tv_template)
}
}, {
.alg = "hmac(sha3-512)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha3_512_tv_template)
}
@@ -5129,7 +5135,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "hmac(sha384)",
.generic_driver = "hmac-sha384-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha384_tv_template)
}
@@ -5137,7 +5143,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "hmac(sha512)",
.generic_driver = "hmac-sha512-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha512_tv_template)
}
@@ -5161,7 +5167,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}, {
.alg = "jitterentropy_rng",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_null,
}, {
.alg = "krb5enc(cmac(camellia),cts(cbc(camellia)))",
@@ -5205,7 +5211,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lz4",
.test = alg_test_comp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.comp = {
.comp = __VECS(lz4_comp_tv_template),
@@ -5215,7 +5221,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lz4hc",
.test = alg_test_comp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.comp = {
.comp = __VECS(lz4hc_comp_tv_template),
@@ -5225,7 +5231,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lzo",
.test = alg_test_comp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.comp = {
.comp = __VECS(lzo_comp_tv_template),
@@ -5235,7 +5241,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lzo-rle",
.test = alg_test_comp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.comp = {
.comp = __VECS(lzorle_comp_tv_template),
@@ -5272,18 +5278,18 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "p1363(ecdsa-nist-p256)",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(p1363_ecdsa_nist_p256_tv_template)
}
}, {
.alg = "p1363(ecdsa-nist-p384)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "p1363(ecdsa-nist-p521)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "pcbc(fcrypt)",
.test = alg_test_skcipher,
@@ -5294,28 +5300,28 @@ static const struct alg_test_desc alg_test_descs[] = {
#if IS_ENABLED(CONFIG_CRYPTO_PHMAC_S390)
.alg = "phmac(sha224)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha224_tv_template)
}
}, {
.alg = "phmac(sha256)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha256_tv_template)
}
}, {
.alg = "phmac(sha384)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha384_tv_template)
}
}, {
.alg = "phmac(sha512)",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(hmac_sha512_tv_template)
}
@@ -5329,38 +5335,38 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "pkcs1(rsa,sha224)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "pkcs1(rsa,sha256)",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(pkcs1_rsa_tv_template)
}
}, {
.alg = "pkcs1(rsa,sha3-256)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "pkcs1(rsa,sha3-384)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "pkcs1(rsa,sha3-512)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "pkcs1(rsa,sha384)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "pkcs1(rsa,sha512)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "pkcs1pad(rsa)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "polyval",
.test = alg_test_hash,
@@ -5370,7 +5376,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "rfc3686(ctr(aes))",
.test = alg_test_skcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.cipher = __VECS(aes_ctr_rfc3686_tv_template)
}
@@ -5384,7 +5390,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "rfc4106(gcm(aes))",
.generic_driver = "rfc4106(gcm_base(ctr(aes-generic),ghash-generic))",
.test = alg_test_aead,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.aead = {
____VECS(aes_gcm_rfc4106_tv_template),
@@ -5396,7 +5402,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "rfc4309(ccm(aes))",
.generic_driver = "rfc4309(ccm_base(ctr(aes-generic),cbcmac(aes-generic)))",
.test = alg_test_aead,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.aead = {
____VECS(aes_ccm_rfc4309_tv_template),
@@ -5440,7 +5446,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "rsa",
.test = alg_test_akcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.akcipher = __VECS(rsa_tv_template)
}
@@ -5455,7 +5461,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "sha224",
.generic_driver = "sha224-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha224_tv_template)
}
@@ -5463,35 +5469,35 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "sha256",
.generic_driver = "sha256-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha256_tv_template)
}
}, {
.alg = "sha3-224",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha3_224_tv_template)
}
}, {
.alg = "sha3-256",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha3_256_tv_template)
}
}, {
.alg = "sha3-384",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha3_384_tv_template)
}
}, {
.alg = "sha3-512",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha3_512_tv_template)
}
@@ -5499,7 +5505,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "sha384",
.generic_driver = "sha384-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha384_tv_template)
}
@@ -5507,7 +5513,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "sha512",
.generic_driver = "sha512-lib",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(sha512_tv_template)
}
@@ -5556,21 +5562,21 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "x962(ecdsa-nist-p256)",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(x962_ecdsa_nist_p256_tv_template)
}
}, {
.alg = "x962(ecdsa-nist-p384)",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(x962_ecdsa_nist_p384_tv_template)
}
}, {
.alg = "x962(ecdsa-nist-p521)",
.test = alg_test_sig,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.sig = __VECS(x962_ecdsa_nist_p521_tv_template)
}
@@ -5608,7 +5614,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "xts(aes)",
.generic_driver = "xts(ecb(aes-generic))",
.test = alg_test_skcipher,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.cipher = __VECS(aes_xts_tv_template)
}
@@ -5632,7 +5638,7 @@ static const struct alg_test_desc alg_test_descs[] = {
*/
.alg = "xts(paes)",
.test = alg_test_null,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
}, {
.alg = "xts(serpent)",
.generic_driver = "xts(ecb(serpent-generic))",
@@ -5657,7 +5663,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
.alg = "xts-paes-s390",
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(aes_xts_tv_template)
@@ -5666,14 +5672,14 @@ static const struct alg_test_desc alg_test_descs[] = {
#endif
.alg = "xxhash64",
.test = alg_test_hash,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.hash = __VECS(xxhash64_tv_template)
}
}, {
.alg = "zstd",
.test = alg_test_comp,
- .fips_allowed = 1,
+ .fips_allowed = FIPS_ALLOWED,
.suite = {
.comp = {
.comp = __VECS(zstd_comp_tv_template),
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 011/104] crypto/testmgr: mark non-crypto algorithms
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (9 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 010/104] crypto/testmgr: make fips_allowed a bit set Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 012/104] crypto/algapi: don't init algapi in fips mode Vegard Nossum
` (93 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Add a new constant FIPS_NON_CRYPTOGRAPHIC and add it to all the
algorithms that are allowed by FIPS due to their non-cryptographic
nature.
This will include CRC32* and all compression algorithms.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/testmgr.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 4ca54cf6e244..a216cb8b8caf 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -148,6 +148,13 @@ struct kpp_test_suite {
*/
#define FIPS_ALLOWED 1
+/*
+ * Algorithm is not considered a cryptographic algorithm from
+ * a FIPS point of view and may be used for non-cryptographic
+ * purposes.
+ */
+#define FIPS_NON_CRYPTOGRAPHIC 2
+
struct alg_test_desc {
const char *alg;
const char *generic_driver;
@@ -4523,7 +4530,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "crc32",
.generic_driver = "crc32-lib",
.test = alg_test_hash,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.hash = __VECS(crc32_tv_template)
}
@@ -4531,7 +4538,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "crc32c",
.generic_driver = "crc32c-lib",
.test = alg_test_hash,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.hash = __VECS(crc32c_tv_template)
}
@@ -4654,7 +4661,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "deflate",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(deflate_comp_tv_template),
@@ -4664,7 +4671,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "deflate-iaa",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(deflate_comp_tv_template),
@@ -5211,7 +5218,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lz4",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lz4_comp_tv_template),
@@ -5221,7 +5228,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lz4hc",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lz4hc_comp_tv_template),
@@ -5231,7 +5238,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lzo",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lzo_comp_tv_template),
@@ -5241,7 +5248,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "lzo-rle",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(lzorle_comp_tv_template),
@@ -5679,7 +5686,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "zstd",
.test = alg_test_comp,
- .fips_allowed = FIPS_ALLOWED,
+ .fips_allowed = FIPS_ALLOWED | FIPS_NON_CRYPTOGRAPHIC,
.suite = {
.comp = {
.comp = __VECS(zstd_comp_tv_template),
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 012/104] crypto/algapi: don't init algapi in fips mode
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (10 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 011/104] crypto/testmgr: mark non-crypto algorithms Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 013/104] crypto/algapi.c: disable crypto_check_module_sig() for FIPS module Vegard Nossum
` (92 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
If the kernel build supports a FIPS module loader and FIPS mode is
enabled, we should not start tests or register /proc/crypto as this
will already have been done by the FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algapi.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index e11b8fdb0865..09faecd47ea7 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -1105,6 +1105,14 @@ static void __init crypto_start_tests(void)
static int __init crypto_algapi_init(void)
{
+#if defined(CONFIG_CRYPTO_FIPS140_EXTMOD) && !defined(FIPS_MODULE)
+ /*
+ * The FIPS module will have done the initialization already.
+ */
+ if (fips_enabled)
+ return 0;
+#endif
+
crypto_init_proc();
crypto_start_tests();
return 0;
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 013/104] crypto/algapi.c: disable crypto_check_module_sig() for FIPS module
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (11 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 012/104] crypto/algapi: don't init algapi in fips mode Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 014/104] crypto/testmgr: add helper to alg_test() Vegard Nossum
` (91 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
The FIPS module is assumed to be loaded from a trusted source (e.g. a
byte array embedded in vmlinux, which is already verified by the boot
loader). We can therefore ignore it for the purposes of module signature
verification in the crypto API.
(One could ask what the purpose of this check is in the first place,
given that modules can always fudge their alg->cra_module to bypass it
-- IOW, this isn't really an effective security check anyway, as far as
I can tell.)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algapi.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 09faecd47ea7..54b8d4acd651 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -24,7 +24,19 @@ static LIST_HEAD(crypto_template_list);
static inline void crypto_check_module_sig(struct module *mod)
{
- if (fips_enabled && mod && !module_sig_ok(mod))
+#ifdef FIPS_MODULE
+ /*
+ * The FIPS module should ignore its own signature as it was
+ * loaded from a trusted source.
+ */
+ if (mod == THIS_MODULE)
+ return;
+#else
+ if (!fips_enabled)
+ return;
+#endif
+
+ if (mod && !module_sig_ok(mod))
panic("Module %s signature verification failed in FIPS mode\n",
module_name(mod));
}
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 014/104] crypto/testmgr: add helper to alg_test()
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (12 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 013/104] crypto/algapi.c: disable crypto_check_module_sig() for FIPS module Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 015/104] crypto: pass struct crypto_alg directly " Vegard Nossum
` (90 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Add a new helper function, alg_test_fips_disabled() containing the
logic to decide if an algorithm is allowed to be tested.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/testmgr.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a216cb8b8caf..ab7c6724d36f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5771,6 +5771,17 @@ static int alg_fips_disabled(const char *driver, const char *alg)
return -ECANCELED;
}
+static int alg_test_fips_disabled(const struct alg_test_desc *desc)
+{
+ if (!fips_enabled)
+ return 0;
+
+ /*
+ * Only allow FIPS-allowed algorithms to be tested.
+ */
+ return !(desc->fips_allowed & FIPS_ALLOWED);
+}
+
int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
{
int i;
@@ -5795,7 +5806,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (i < 0)
goto notest;
- if (fips_enabled && !alg_test_descs[i].fips_allowed)
+ if (alg_test_fips_disabled(&alg_test_descs[i]))
goto non_fips_alg;
rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
@@ -5808,10 +5819,9 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
goto notest;
if (fips_enabled) {
- if (j >= 0 && !alg_test_descs[j].fips_allowed)
+ if (j >= 0 && alg_test_fips_disabled(&alg_test_descs[j]))
return -EINVAL;
-
- if (i >= 0 && !alg_test_descs[i].fips_allowed)
+ if (i >= 0 && alg_test_fips_disabled(&alg_test_descs[i]))
goto non_fips_alg;
}
@@ -5855,7 +5865,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (i < 0)
goto notest2;
- if (fips_enabled && !alg_test_descs[i].fips_allowed)
+ if (alg_test_fips_disabled(&alg_test_descs[i]))
goto non_fips_alg;
rc = alg_test_skcipher(alg_test_descs + i, driver, type, mask);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 015/104] crypto: pass struct crypto_alg directly to alg_test()
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (13 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 014/104] crypto/testmgr: add helper to alg_test() Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 016/104] crypto: alg - add CRYPTO_ALG_FIPS_PROVIDED flag Vegard Nossum
` (89 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
algboss/cryptomgr_schedule_test/cryptomgr_test currently pass the
algorithm to test by name -- stringly typed.
This is unfortunate as it opens all kinds of potential issues with race
conditions and ultimately the question of whether we actually tested
what we wanted to test.
I see no reason why we should pass the algorithm by name except for the
fact that the crypto API itself is stringly typed when
requesting/instantiating algorithms. Maybe there should be a way to
instantiate an algorithm by alg pointer too?
In any case, let's pass the alg directly so we know precisely what
algorithm we are actually testing.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algboss.c | 32 ++++++++++----------------------
crypto/internal.h | 2 +-
crypto/tcrypt.c | 18 +++++++++++++++---
crypto/testmgr.c | 24 ++++++++++++------------
4 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/crypto/algboss.c b/crypto/algboss.c
index 846f586889ee..31df14e37a3e 100644
--- a/crypto/algboss.c
+++ b/crypto/algboss.c
@@ -41,12 +41,6 @@ struct cryptomgr_param {
u32 omask;
};
-struct crypto_test_param {
- char driver[CRYPTO_MAX_ALG_NAME];
- char alg[CRYPTO_MAX_ALG_NAME];
- u32 type;
-};
-
static int cryptomgr_probe(void *data)
{
struct cryptomgr_param *param = data;
@@ -172,22 +166,21 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval)
static int cryptomgr_test(void *data)
{
- struct crypto_test_param *param = data;
- u32 type = param->type;
+ struct crypto_alg *alg = data;
int err;
- err = alg_test(param->driver, param->alg, type, CRYPTO_ALG_TESTED);
+ err = alg_test(alg, alg->cra_driver_name, alg->cra_name,
+ alg->cra_flags, CRYPTO_ALG_TESTED);
- crypto_alg_tested(param->driver, err);
+ crypto_alg_tested(alg->cra_driver_name, err);
- kfree(param);
+ crypto_mod_put(alg);
module_put_and_kthread_exit(0);
}
static int cryptomgr_schedule_test(struct crypto_alg *alg)
{
struct task_struct *thread;
- struct crypto_test_param *param;
if (!IS_ENABLED(CONFIG_CRYPTO_SELFTESTS))
return NOTIFY_DONE;
@@ -195,22 +188,17 @@ static int cryptomgr_schedule_test(struct crypto_alg *alg)
if (!try_module_get(THIS_MODULE))
goto err;
- param = kzalloc(sizeof(*param), GFP_KERNEL);
- if (!param)
+ if (!crypto_mod_get(alg))
goto err_put_module;
- memcpy(param->driver, alg->cra_driver_name, sizeof(param->driver));
- memcpy(param->alg, alg->cra_name, sizeof(param->alg));
- param->type = alg->cra_flags;
-
- thread = kthread_run(cryptomgr_test, param, "cryptomgr_test");
+ thread = kthread_run(cryptomgr_test, alg, "cryptomgr_test");
if (IS_ERR(thread))
- goto err_free_param;
+ goto err_put_alg;
return NOTIFY_STOP;
-err_free_param:
- kfree(param);
+err_put_alg:
+ crypto_mod_put(alg);
err_put_module:
module_put(THIS_MODULE);
err:
diff --git a/crypto/internal.h b/crypto/internal.h
index b9afd68767c1..702934c719ef 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -65,7 +65,7 @@ extern struct list_head crypto_alg_list;
extern struct rw_semaphore crypto_alg_sem;
extern struct blocking_notifier_head crypto_chain;
-int alg_test(const char *driver, const char *alg, u32 type, u32 mask);
+int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask);
#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
static inline bool crypto_boot_test_finished(void)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index d1d88debbd71..b69560f2fdef 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1436,16 +1436,28 @@ static void test_cipher_speed(const char *algo, int enc, unsigned int secs,
false);
}
-static inline int tcrypt_test(const char *alg)
+static inline int tcrypt_test(const char *name)
{
int ret;
+ struct crypto_alg *alg;
- pr_debug("testing %s\n", alg);
+ pr_debug("testing %s\n", name);
- ret = alg_test(alg, alg, 0, 0);
+ alg = crypto_alg_mod_lookup(name, 0, 0);
+ if (IS_ERR(alg)) {
+ /* non-fip algs return -EAGAIN or -ENOENT in fips mode */
+ if (fips_enabled && (PTR_ERR(alg) == -EAGAIN || PTR_ERR(alg) == -ENOENT))
+ return 0;
+
+ return PTR_ERR(alg);
+ }
+
+ ret = alg_test(alg, name, name, 0, 0);
/* non-fips algs return -EINVAL or -ECANCELED in fips mode */
if (fips_enabled && (ret == -EINVAL || ret == -ECANCELED))
ret = 0;
+
+ crypto_mod_put(alg);
return ret;
}
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index ab7c6724d36f..25aadf5b6690 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -61,7 +61,7 @@ MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
#ifndef CONFIG_CRYPTO_SELFTESTS
/* a perfect nop */
-int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
+int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
{
return 0;
}
@@ -5782,7 +5782,7 @@ static int alg_test_fips_disabled(const struct alg_test_desc *desc)
return !(desc->fips_allowed & FIPS_ALLOWED);
}
-int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
+int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
{
int i;
int j;
@@ -5798,7 +5798,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
char nalg[CRYPTO_MAX_ALG_NAME];
- if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
+ if (snprintf(nalg, sizeof(nalg), "ecb(%s)", name) >=
sizeof(nalg))
return -ENAMETOOLONG;
@@ -5813,7 +5813,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
goto test_done;
}
- i = alg_find_test(alg);
+ i = alg_find_test(name);
j = alg_find_test(driver);
if (i < 0 && j < 0)
goto notest;
@@ -5838,17 +5838,17 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if (fips_enabled) {
fips_fail_notify();
panic("alg: self-tests for %s (driver %s) failed in fips mode!\n",
- alg, driver);
+ name, driver);
}
pr_warn("alg: self-tests for %s (driver %s) failed (rc=%d)",
- alg, driver, rc);
+ name, driver, rc);
WARN(rc != -ENOENT,
"alg: self-tests for %s (driver %s) failed (rc=%d)",
- alg, driver, rc);
+ name, driver, rc);
} else {
if (fips_enabled)
pr_info("alg: self-tests for %s (driver %s) passed\n",
- alg, driver);
+ name, driver);
}
return rc;
@@ -5857,7 +5857,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_LSKCIPHER) {
char nalg[CRYPTO_MAX_ALG_NAME];
- if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
+ if (snprintf(nalg, sizeof(nalg), "ecb(%s)", name) >=
sizeof(nalg))
goto notest2;
@@ -5873,14 +5873,14 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
}
notest2:
- printk(KERN_INFO "alg: No test for %s (driver %s)\n", alg, driver);
+ printk(KERN_INFO "alg: No test for %s (driver %s)\n", name, driver);
if (type & CRYPTO_ALG_FIPS_INTERNAL)
- return alg_fips_disabled(driver, alg);
+ return alg_fips_disabled(driver, name);
return 0;
non_fips_alg:
- return alg_fips_disabled(driver, alg);
+ return alg_fips_disabled(driver, name);
}
#endif /* CONFIG_CRYPTO_SELFTESTS */
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 016/104] crypto: alg - add CRYPTO_ALG_FIPS_PROVIDED flag
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (14 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 015/104] crypto: pass struct crypto_alg directly " Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 017/104] crypto: testmgr: check that we got the expected alg Vegard Nossum
` (88 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use a new flag to record whether a particular algorithm is provided by
a standalone FIPS 140 module.
Note: This does not mean the algorithm is "FIPS approved" or even "FIPS
allowed" -- it simply means the algorithm is implemented within the FIPS
module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algapi.c | 30 ++++++++++++++++++++++++++++++
crypto/testmgr.c | 22 +++++++++++++++-------
include/linux/crypto.h | 8 ++++++++
3 files changed, 53 insertions(+), 7 deletions(-)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 54b8d4acd651..29076797a938 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -450,6 +450,9 @@ int crypto_register_alg(struct crypto_alg *alg)
if (err)
return err;
+ /* Blatant API misuse */
+ BUG_ON(alg->cra_flags & CRYPTO_ALG_FIPS_PROVIDED);
+
if (alg->cra_flags & CRYPTO_ALG_DUP_FIRST &&
!WARN_ON_ONCE(alg->cra_destroy)) {
unsigned int algsize = alg->cra_type->algsize;
@@ -463,6 +466,13 @@ int crypto_register_alg(struct crypto_alg *alg)
alg->cra_destroy = crypto_free_alg;
}
+#ifdef FIPS_MODULE
+ if (alg->cra_module == THIS_MODULE) {
+ alg->cra_flags |= CRYPTO_ALG_FIPS_PROVIDED;
+ alg->cra_priority |= 4096;
+ }
+#endif
+
down_write(&crypto_alg_sem);
larval = __crypto_register_alg(alg, &algs_to_put);
if (!IS_ERR_OR_NULL(larval)) {
@@ -666,6 +676,9 @@ int crypto_register_instance(struct crypto_template *tmpl,
struct crypto_larval *larval;
struct crypto_spawn *spawn;
u32 fips_internal = 0;
+#ifdef FIPS_MODULE
+ u32 fips_provided = ~0;
+#endif
LIST_HEAD(algs_to_put);
int err;
@@ -673,6 +686,9 @@ int crypto_register_instance(struct crypto_template *tmpl,
if (err)
return err;
+ /* Blatant API misuse */
+ BUG_ON(inst->alg.cra_flags & CRYPTO_ALG_FIPS_PROVIDED);
+
inst->alg.cra_module = tmpl->module;
inst->alg.cra_flags |= CRYPTO_ALG_INSTANCE;
inst->alg.cra_destroy = crypto_destroy_instance;
@@ -692,6 +708,13 @@ int crypto_register_instance(struct crypto_template *tmpl,
fips_internal |= spawn->alg->cra_flags;
+#ifdef FIPS_MODULE
+ if (spawn->alg->cra_module == THIS_MODULE)
+ fips_provided &= spawn->alg->cra_flags;
+ else
+ fips_provided = 0;
+#endif
+
crypto_mod_put(spawn->alg);
spawn = next;
@@ -699,6 +722,13 @@ int crypto_register_instance(struct crypto_template *tmpl,
inst->alg.cra_flags |= (fips_internal & CRYPTO_ALG_FIPS_INTERNAL);
+#ifdef FIPS_MODULE
+ if (tmpl->module == THIS_MODULE && (fips_provided & CRYPTO_ALG_FIPS_PROVIDED)) {
+ inst->alg.cra_flags |= CRYPTO_ALG_FIPS_PROVIDED;
+ inst->alg.cra_priority |= 4096;
+ }
+#endif
+
larval = __crypto_register_alg(&inst->alg, &algs_to_put);
if (IS_ERR(larval))
goto unlock;
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 25aadf5b6690..1dfd37761a4f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5771,15 +5771,23 @@ static int alg_fips_disabled(const char *driver, const char *alg)
return -ECANCELED;
}
-static int alg_test_fips_disabled(const struct alg_test_desc *desc)
+static int alg_test_fips_disabled(const struct crypto_alg *alg, const struct alg_test_desc *desc)
{
if (!fips_enabled)
return 0;
/*
- * Only allow FIPS-allowed algorithms to be tested.
+ * If the algorithm is completely provided by the FIPS module
+ * we still require it to be allowed accoding to our test table.
*/
- return !(desc->fips_allowed & FIPS_ALLOWED);
+ if (alg->cra_flags & CRYPTO_ALG_FIPS_PROVIDED)
+ return !(desc->fips_allowed & FIPS_ALLOWED);
+
+ /*
+ * If the algorithm is not provided by the FIPS module, then
+ * it must be FIPS_NON_CRYPTOGRAPHIC.
+ */
+ return !(desc->fips_allowed & FIPS_NON_CRYPTOGRAPHIC);
}
int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
@@ -5806,7 +5814,7 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
if (i < 0)
goto notest;
- if (alg_test_fips_disabled(&alg_test_descs[i]))
+ if (alg_test_fips_disabled(alg, &alg_test_descs[i]))
goto non_fips_alg;
rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
@@ -5819,9 +5827,9 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
goto notest;
if (fips_enabled) {
- if (j >= 0 && alg_test_fips_disabled(&alg_test_descs[j]))
+ if (j >= 0 && alg_test_fips_disabled(alg, &alg_test_descs[j]))
return -EINVAL;
- if (i >= 0 && alg_test_fips_disabled(&alg_test_descs[i]))
+ if (i >= 0 && alg_test_fips_disabled(alg, &alg_test_descs[i]))
goto non_fips_alg;
}
@@ -5865,7 +5873,7 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
if (i < 0)
goto notest2;
- if (alg_test_fips_disabled(&alg_test_descs[i]))
+ if (alg_test_fips_disabled(alg, &alg_test_descs[i]))
goto non_fips_alg;
rc = alg_test_skcipher(alg_test_descs + i, driver, type, mask);
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index a2137e19be7d..737e53a642d4 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -139,6 +139,14 @@
/* Set if the algorithm cannot have a fallback (e.g., phmac). */
#define CRYPTO_ALG_NO_FALLBACK 0x00080000
+/*
+ * The algorithm is provided by the FIPS module.
+ *
+ * NOTE: an algorithm can be provided by the FIPS module and not be
+ * approved, depending on the exact parameters like key size, etc.
+ */
+#define CRYPTO_ALG_FIPS_PROVIDED 0x00100000
+
/* The high bits 0xff000000 are reserved for type-specific flags. */
/*
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 017/104] crypto: testmgr: check that we got the expected alg
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (15 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 016/104] crypto: alg - add CRYPTO_ALG_FIPS_PROVIDED flag Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 018/104] crypto: make sure crypto_alg_tested() finds the correct algorithm Vegard Nossum
` (87 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
alg_test() is testing a specific crypto algorithm, but does the lookup
by name.
Add a new helper, check_alg(), to be called after allocating your tfm,
to verify that the algorithm we are actually testing is the algorithm
we meant to test.
This is vitally important so no races or other shenanigans can cause a
test to be scheduled for a particular driver and end up actually testing
a different one.
Note that if this warning ever triggers, it indicates that there is a
problem with how algorithms are registered/unregistered and how tests
are scheduled, as it should normally not be possible to end up testing
something you didn't mean to test.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/testmgr.c | 130 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 102 insertions(+), 28 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 1dfd37761a4f..35626ae18c60 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -158,8 +158,8 @@ struct kpp_test_suite {
struct alg_test_desc {
const char *alg;
const char *generic_driver;
- int (*test)(const struct alg_test_desc *desc, const char *driver,
- u32 type, u32 mask);
+ int (*test)(struct crypto_alg *alg, const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask);
int fips_allowed; /* see FIPS_* constants above */
union {
@@ -1914,7 +1914,18 @@ static int alloc_shash(const char *driver, u32 type, u32 mask,
return 0;
}
-static int __alg_test_hash(const struct hash_testvec *vecs,
+static int check_alg(struct crypto_alg *expected, struct crypto_alg *actual)
+{
+ if (actual == expected)
+ return 0;
+
+ WARN(1, "alg: expected driver %s, got %s\n",
+ expected->cra_driver_name, actual->cra_driver_name);
+ return -EINVAL;
+}
+
+static int __alg_test_hash(struct crypto_alg *alg,
+ const struct hash_testvec *vecs,
unsigned int num_vecs, const char *driver,
u32 type, u32 mask,
const char *generic_driver, unsigned int maxkeysize)
@@ -1942,6 +1953,11 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
driver, PTR_ERR(atfm));
return PTR_ERR(atfm);
}
+
+ err = check_alg(alg, atfm->base.__crt_alg);
+ if (err)
+ goto out;
+
driver = crypto_ahash_driver_name(atfm);
req = ahash_request_alloc(atfm, GFP_KERNEL);
@@ -1960,6 +1976,12 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
if (err)
goto out;
+ if (stfm) {
+ err = check_alg(alg, stfm->base.__crt_alg);
+ if (err)
+ goto out;
+ }
+
tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL);
if (!tsgl || init_test_sglist(tsgl) != 0) {
pr_err("alg: hash: failed to allocate test buffers for %s\n",
@@ -2005,7 +2027,8 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
return err;
}
-static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
+static int alg_test_hash(struct crypto_alg *alg,
+ const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
const struct hash_testvec *template = desc->suite.hash.vecs;
@@ -2036,14 +2059,14 @@ static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
err = 0;
if (nr_unkeyed) {
- err = __alg_test_hash(template, nr_unkeyed, driver, type, mask,
- desc->generic_driver, maxkeysize);
+ err = __alg_test_hash(alg, template, nr_unkeyed, driver, type,
+ mask, desc->generic_driver, maxkeysize);
template += nr_unkeyed;
}
if (!err && nr_keyed)
- err = __alg_test_hash(template, nr_keyed, driver, type, mask,
- desc->generic_driver, maxkeysize);
+ err = __alg_test_hash(alg, template, nr_keyed, driver, type,
+ mask, desc->generic_driver, maxkeysize);
return err;
}
@@ -2673,7 +2696,8 @@ static int test_aead(int enc, const struct aead_test_suite *suite,
return 0;
}
-static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
+static int alg_test_aead(struct crypto_alg *alg,
+ const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
const struct aead_test_suite *suite = &desc->suite.aead;
@@ -2695,6 +2719,11 @@ static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
driver, PTR_ERR(tfm));
return PTR_ERR(tfm);
}
+
+ err = check_alg(alg, tfm->base.__crt_alg);
+ if (err)
+ goto out;
+
driver = crypto_aead_driver_name(tfm);
req = aead_request_alloc(tfm, GFP_KERNEL);
@@ -3230,7 +3259,8 @@ static int test_skcipher(int enc, const struct cipher_test_suite *suite,
return 0;
}
-static int alg_test_skcipher(const struct alg_test_desc *desc,
+static int alg_test_skcipher(struct crypto_alg *alg,
+ const struct alg_test_desc *desc,
const char *driver, u32 type, u32 mask)
{
const struct cipher_test_suite *suite = &desc->suite.cipher;
@@ -3252,6 +3282,11 @@ static int alg_test_skcipher(const struct alg_test_desc *desc,
driver, PTR_ERR(tfm));
return PTR_ERR(tfm);
}
+
+ err = check_alg(alg, tfm->base.__crt_alg);
+ if (err)
+ goto out;
+
driver = crypto_skcipher_driver_name(tfm);
req = skcipher_request_alloc(tfm, GFP_KERNEL);
@@ -3517,7 +3552,8 @@ static int test_cprng(struct crypto_rng *tfm,
return err;
}
-static int alg_test_cipher(const struct alg_test_desc *desc,
+static int alg_test_cipher(struct crypto_alg *alg,
+ const struct alg_test_desc *desc,
const char *driver, u32 type, u32 mask)
{
const struct cipher_test_suite *suite = &desc->suite.cipher;
@@ -3533,16 +3569,22 @@ static int alg_test_cipher(const struct alg_test_desc *desc,
return PTR_ERR(tfm);
}
+ err = check_alg(alg, tfm->base.__crt_alg);
+ if (err)
+ goto out;
+
err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count);
if (!err)
err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count);
+out:
crypto_free_cipher(tfm);
return err;
}
-static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
- u32 type, u32 mask)
+static int alg_test_comp(struct crypto_alg *alg,
+ const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask)
{
struct crypto_acomp *acomp;
int err;
@@ -3555,6 +3597,13 @@ static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
driver, PTR_ERR(acomp));
return PTR_ERR(acomp);
}
+
+ err = check_alg(alg, acomp->base.__crt_alg);
+ if (err) {
+ crypto_free_acomp(acomp);
+ return err;
+ }
+
err = test_acomp(acomp, desc->suite.comp.comp.vecs,
desc->suite.comp.decomp.vecs,
desc->suite.comp.comp.count,
@@ -3563,7 +3612,8 @@ static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
return err;
}
-static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
+static int alg_test_cprng(struct crypto_alg *alg,
+ const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
struct crypto_rng *rng;
@@ -3578,15 +3628,20 @@ static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
return PTR_ERR(rng);
}
+ err = check_alg(alg, rng->base.__crt_alg);
+ if (err)
+ goto out;
+
err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
+out:
crypto_free_rng(rng);
-
return err;
}
-static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
+static int drbg_cavs_test(struct crypto_alg *alg,
+ const struct drbg_testvec *test, int pr,
const char *driver, u32 type, u32 mask)
{
int ret = -EAGAIN;
@@ -3608,6 +3663,10 @@ static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
return PTR_ERR(drng);
}
+ ret = check_alg(alg, drng->base.__crt_alg);
+ if (ret)
+ goto outbuf;
+
test_data.testentropy = &testentropy;
drbg_string_fill(&testentropy, test->entropy, test->entropylen);
drbg_string_fill(&pers, test->pers, test->perslen);
@@ -3656,7 +3715,8 @@ static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
}
-static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
+static int alg_test_drbg(struct crypto_alg *alg,
+ const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
int err = 0;
@@ -3669,7 +3729,7 @@ static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
pr = 1;
for (i = 0; i < tcount; i++) {
- err = drbg_cavs_test(&template[i], pr, driver, type, mask);
+ err = drbg_cavs_test(alg, &template[i], pr, driver, type, mask);
if (err) {
printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
i, driver);
@@ -3839,7 +3899,8 @@ static int test_kpp(struct crypto_kpp *tfm, const char *alg,
return 0;
}
-static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
+static int alg_test_kpp(struct crypto_alg *alg,
+ const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
struct crypto_kpp *tfm;
@@ -3853,10 +3914,16 @@ static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
driver, PTR_ERR(tfm));
return PTR_ERR(tfm);
}
+
+ err = check_alg(alg, tfm->base.__crt_alg);
+ if (err)
+ goto out;
+
if (desc->suite.kpp.vecs)
err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
desc->suite.kpp.count);
+out:
crypto_free_kpp(tfm);
return err;
}
@@ -4022,7 +4089,8 @@ static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
return 0;
}
-static int alg_test_akcipher(const struct alg_test_desc *desc,
+static int alg_test_akcipher(struct crypto_alg *alg,
+ const struct alg_test_desc *desc,
const char *driver, u32 type, u32 mask)
{
struct crypto_akcipher *tfm;
@@ -4036,10 +4104,16 @@ static int alg_test_akcipher(const struct alg_test_desc *desc,
driver, PTR_ERR(tfm));
return PTR_ERR(tfm);
}
+
+ err = check_alg(alg, tfm->base.__crt_alg);
+ if (err)
+ goto out;
+
if (desc->suite.akcipher.vecs)
err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
desc->suite.akcipher.count);
+out:
crypto_free_akcipher(tfm);
return err;
}
@@ -4132,8 +4206,8 @@ static int test_sig(struct crypto_sig *tfm, const char *alg,
return 0;
}
-static int alg_test_sig(const struct alg_test_desc *desc, const char *driver,
- u32 type, u32 mask)
+static int alg_test_sig(struct crypto_alg *alg, const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask)
{
struct crypto_sig *tfm;
int err = 0;
@@ -4152,8 +4226,8 @@ static int alg_test_sig(const struct alg_test_desc *desc, const char *driver,
return err;
}
-static int alg_test_null(const struct alg_test_desc *desc,
- const char *driver, u32 type, u32 mask)
+static int alg_test_null(struct crypto_alg *alg, const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask)
{
return 0;
}
@@ -5817,7 +5891,7 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
if (alg_test_fips_disabled(alg, &alg_test_descs[i]))
goto non_fips_alg;
- rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
+ rc = alg_test_cipher(alg, alg_test_descs + i, driver, type, mask);
goto test_done;
}
@@ -5835,10 +5909,10 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
rc = 0;
if (i >= 0)
- rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
+ rc |= alg_test_descs[i].test(alg, alg_test_descs + i, driver,
type, mask);
if (j >= 0 && j != i)
- rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
+ rc |= alg_test_descs[j].test(alg, alg_test_descs + j, driver,
type, mask);
test_done:
@@ -5876,7 +5950,7 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
if (alg_test_fips_disabled(alg, &alg_test_descs[i]))
goto non_fips_alg;
- rc = alg_test_skcipher(alg_test_descs + i, driver, type, mask);
+ rc = alg_test_skcipher(alg, alg_test_descs + i, driver, type, mask);
goto test_done;
}
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 018/104] crypto: make sure crypto_alg_tested() finds the correct algorithm
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (16 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 017/104] crypto: testmgr: check that we got the expected alg Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 019/104] module: add load_module_mem() helper Vegard Nossum
` (86 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Like the previous commit, pass the algorithm by pointer instead of by
name in order to make sure we mark the algorithm that was actually
tested and not some other algorithm that has the same name.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algapi.c | 9 +++------
crypto/algboss.c | 2 +-
crypto/internal.h | 2 +-
3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 29076797a938..8b4a1903557e 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -366,10 +366,9 @@ __crypto_register_alg(struct crypto_alg *alg, struct list_head *algs_to_put)
goto out;
}
-void crypto_alg_tested(const char *name, int err)
+void crypto_alg_tested(struct crypto_alg *alg, int err)
{
struct crypto_larval *test;
- struct crypto_alg *alg;
struct crypto_alg *q;
LIST_HEAD(list);
@@ -379,18 +378,16 @@ void crypto_alg_tested(const char *name, int err)
continue;
test = (struct crypto_larval *)q;
-
- if (!strcmp(q->cra_driver_name, name))
+ if (test->adult == alg)
goto found;
}
- pr_err("alg: Unexpected test result for %s: %d\n", name, err);
+ pr_err("alg: Unexpected test result for %s: %d\n", alg->cra_driver_name, err);
up_write(&crypto_alg_sem);
return;
found:
q->cra_flags |= CRYPTO_ALG_DEAD;
- alg = test->adult;
if (crypto_is_dead(alg))
goto complete;
diff --git a/crypto/algboss.c b/crypto/algboss.c
index 31df14e37a3e..2599c54a49ff 100644
--- a/crypto/algboss.c
+++ b/crypto/algboss.c
@@ -172,7 +172,7 @@ static int cryptomgr_test(void *data)
err = alg_test(alg, alg->cra_driver_name, alg->cra_name,
alg->cra_flags, CRYPTO_ALG_TESTED);
- crypto_alg_tested(alg->cra_driver_name, err);
+ crypto_alg_tested(alg, err);
crypto_mod_put(alg);
module_put_and_kthread_exit(0);
diff --git a/crypto/internal.h b/crypto/internal.h
index 702934c719ef..1000ce8de06c 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -114,7 +114,7 @@ struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask);
struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask);
void crypto_schedule_test(struct crypto_larval *larval);
-void crypto_alg_tested(const char *name, int err);
+void crypto_alg_tested(struct crypto_alg *alg, int err);
void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
struct crypto_alg *nalg);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 019/104] module: add load_module_mem() helper
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (17 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 018/104] crypto: make sure crypto_alg_tested() finds the correct algorithm Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-29 9:47 ` Petr Pavlu
2025-09-04 15:50 ` [PATCH RFC 020/104] module: add a mechanism for pluggable crypto APIs Vegard Nossum
` (85 subsequent siblings)
104 siblings, 1 reply; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Saeed Mirzamohammadi
Add a new helper function, load_module_mem(), which can load a kernel
module from a byte array in memory.
Also add a new module loader flag, MODULE_INIT_MEM, signalling that a
module was loaded in this way.
When a module is loaded with load_module_mem(), we do a few things
differently:
- don't do signature verification
- ignore vermagic
- don't taint the kernel
- keep the initial reference to the module until the caller wants to
drop it
These changes are necessary for having a bundled (but separately
compiled) FIPS module.
We may want to let distros carry patches to disable tainting separately
so this information is not lost in case somebody builds a non-distro
kernel using a FIPS module compiled for an incompatible version.
Co-developed-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
include/linux/module.h | 2 +
include/uapi/linux/module.h | 5 ++
kernel/module/main.c | 99 ++++++++++++++++++++++++++-----------
3 files changed, 77 insertions(+), 29 deletions(-)
diff --git a/include/linux/module.h b/include/linux/module.h
index 3319a5269d28..00d85602fb6a 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -586,6 +586,8 @@ struct module {
#ifdef CONFIG_MODULES
+extern int load_module_mem(const char *mem, size_t size);
+
/* Get/put a kernel symbol (calls must be symmetric) */
void *__symbol_get(const char *symbol);
void *__symbol_get_gpl(const char *symbol);
diff --git a/include/uapi/linux/module.h b/include/uapi/linux/module.h
index 03a33ffffcba..5dcd24018be7 100644
--- a/include/uapi/linux/module.h
+++ b/include/uapi/linux/module.h
@@ -7,4 +7,9 @@
#define MODULE_INIT_IGNORE_VERMAGIC 2
#define MODULE_INIT_COMPRESSED_FILE 4
+#ifdef __KERNEL__
+/* Internal flags */
+#define MODULE_INIT_MEM 30
+#endif
+
#endif /* _UAPI_LINUX_MODULE_H */
diff --git a/kernel/module/main.c b/kernel/module/main.c
index c66b26184936..12ce4bad29ca 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2572,11 +2572,14 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
- const char *modmagic = get_modinfo(info, "vermagic");
+ const char *modmagic = NULL;
int err;
- if (flags & MODULE_INIT_IGNORE_VERMAGIC)
- modmagic = NULL;
+ if (flags & MODULE_INIT_MEM)
+ return 0;
+
+ if (!(flags & MODULE_INIT_IGNORE_VERMAGIC))
+ modmagic = get_modinfo(info, "vermagic");
/* This is allowed: modprobe --force will invalidate it. */
if (!modmagic) {
@@ -3007,7 +3010,7 @@ module_param(async_probe, bool, 0644);
* Keep it uninlined to provide a reliable breakpoint target, e.g. for the gdb
* helper command 'lx-symbols'.
*/
-static noinline int do_init_module(struct module *mod)
+static noinline int do_init_module(struct module *mod, int flags)
{
int ret = 0;
struct mod_initfree *freeinit;
@@ -3071,7 +3074,8 @@ static noinline int do_init_module(struct module *mod)
mod->mem[MOD_INIT_TEXT].base + mod->mem[MOD_INIT_TEXT].size);
mutex_lock(&module_mutex);
/* Drop initial reference. */
- module_put(mod);
+ if (!(flags & MODULE_INIT_MEM))
+ module_put(mod);
trim_init_extable(mod);
#ifdef CONFIG_KALLSYMS
/* Switch to core kallsyms now init is done: kallsyms may be walking! */
@@ -3347,31 +3351,17 @@ static int early_mod_check(struct load_info *info, int flags)
/*
* Allocate and load the module: note that size of section 0 is always
* zero, and we rely on this for optional sections.
+ *
+ * NOTE: module signature verification must have been done already.
*/
-static int load_module(struct load_info *info, const char __user *uargs,
- int flags)
+static int _load_module(struct load_info *info, const char __user *uargs,
+ int flags)
{
struct module *mod;
bool module_allocated = false;
long err = 0;
char *after_dashes;
- /*
- * Do the signature check (if any) first. All that
- * the signature check needs is info->len, it does
- * not need any of the section info. That can be
- * set up later. This will minimize the chances
- * of a corrupt module causing problems before
- * we even get to the signature check.
- *
- * The check will also adjust info->len by stripping
- * off the sig length at the end of the module, making
- * checks against info->len more correct.
- */
- err = module_sig_check(info, flags);
- if (err)
- goto free_copy;
-
/*
* Do basic sanity checks against the ELF header and
* sections. Cache useful sections and set the
@@ -3405,7 +3395,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
* We are tainting your kernel if your module gets into
* the modules linked list somehow.
*/
- module_augment_kernel_taints(mod, info);
+ if (!(flags & MODULE_INIT_MEM))
+ module_augment_kernel_taints(mod, info);
/* To avoid stressing percpu allocator, do this once we're unique. */
err = percpu_modalloc(mod, info);
@@ -3452,7 +3443,11 @@ static int load_module(struct load_info *info, const char __user *uargs,
flush_module_icache(mod);
/* Now copy in args */
- mod->args = strndup_user(uargs, ~0UL >> 1);
+ if ((flags & MODULE_INIT_MEM))
+ mod->args = kstrdup("", GFP_KERNEL);
+ else
+ mod->args = strndup_user(uargs, ~0UL >> 1);
+
if (IS_ERR(mod->args)) {
err = PTR_ERR(mod->args);
goto free_arch_cleanup;
@@ -3500,13 +3495,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
if (codetag_load_module(mod))
goto sysfs_cleanup;
- /* Get rid of temporary copy. */
- free_copy(info, flags);
-
/* Done! */
trace_module_load(mod);
- return do_init_module(mod);
+ return do_init_module(mod, flags);
sysfs_cleanup:
mod_sysfs_teardown(mod);
@@ -3562,7 +3554,52 @@ static int load_module(struct load_info *info, const char __user *uargs,
audit_log_kern_module(info->name ? info->name : "?");
mod_stat_bump_becoming(info, flags);
}
+ return err;
+}
+
+/*
+ * Load module from kernel memory without signature check.
+ */
+int load_module_mem(const char *mem, size_t size)
+{
+ int err;
+ struct load_info info = { };
+
+ info.sig_ok = true;
+ info.hdr = (Elf64_Ehdr *) mem;
+ info.len = size;
+
+ err = _load_module(&info, NULL, MODULE_INIT_MEM);
+ if (0)
+ free_copy(&info, 0);
+
+ return err;
+}
+
+static int load_module(struct load_info *info, const char __user *uargs,
+ int flags)
+{
+ int err;
+
+ /*
+ * Do the signature check (if any) first. All that
+ * the signature check needs is info->len, it does
+ * not need any of the section info. That can be
+ * set up later. This will minimize the chances
+ * of a corrupt module causing problems before
+ * we even get to the signature check.
+ *
+ * The check will also adjust info->len by stripping
+ * off the sig length at the end of the module, making
+ * checks against info->len more correct.
+ */
+ err = module_sig_check(info, flags);
+ if (!err)
+ err = _load_module(info, uargs, flags);
+
+ /* Get rid of temporary copy. */
free_copy(info, flags);
+
return err;
}
@@ -3728,6 +3765,10 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags)
pr_debug("finit_module: fd=%d, uargs=%p, flags=%i\n", fd, uargs, flags);
+ /*
+ * Deliberately omitting MODULE_INIT_MEM as it is for internal use
+ * only.
+ */
if (flags & ~(MODULE_INIT_IGNORE_MODVERSIONS
|MODULE_INIT_IGNORE_VERMAGIC
|MODULE_INIT_COMPRESSED_FILE))
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 020/104] module: add a mechanism for pluggable crypto APIs
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (18 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 019/104] module: add load_module_mem() helper Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 021/104] crypto: fips140: include crypto/api.h in a few places Vegard Nossum
` (84 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
For FIPS certification of a standalone FIPS module we need to be able
to switch out the entire kernel crypto API during boot (if booting with
fips=1 on the kernel command line).
This is not easy, as it requires all users/callers of the crypto API
to be updated.
We've settled on using the "static call" functionality for this.
Benefits include no speculative attack gadgets and no performance impact
from indirect calls.
The way it works is that all exported crypto API functions need to be
annotated with DECLARE_CRYPTO_API() in headers and DEFINE_CRYPTO_API()
in the implementations. This will essentially allocate a static call key
for the given function and a static inline wrapper with the actual
static call itself -- any references to the crypto API functions will be
dynamically patched when the FIPS module is enabled.
The static calls are recorded in a new ELF section, __crypto_api_keys,
and are automatically updated when a module providing their targets is
loaded.
The macro FIPS_MODULE is not yet defined anywhere, but will be defined
in a future patch for any code compiled as part of the FIPS module.
Also define wrappers for things like module_init() so that we can record
these in .fips_initcall and link what would usually be a bunch of
modules together without running into errors because the resulting
module has more than one init function.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/Kconfig | 16 ++++
include/asm-generic/vmlinux.lds.h | 1 +
include/crypto/api.h | 154 ++++++++++++++++++++++++++++++
kernel/module/main.c | 26 ++++-
4 files changed, 195 insertions(+), 2 deletions(-)
create mode 100644 include/crypto/api.h
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 23bd98981ae8..a2696ea30bde 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -54,6 +54,22 @@ config CRYPTO_FIPS_VERSION
This option provides the ability to override the FIPS Module Version.
By default the KERNELRELEASE value is used.
+config CRYPTO_FIPS140_EXTMOD
+ bool "FIPS 140-3 external module"
+ depends on CRYPTO_FIPS
+ help
+ Support loading a prebuilt FIPS 140-3 cryptographic module.
+
+config CRYPTO_FIPS140_HMAC_KEY
+ string "FIPS 140-3 external module HMAC key"
+ depends on CRYPTO_FIPS140_EXTMOD
+ default "Sphinx of black quartz, judge my vow"
+ help
+ This is the HMAC key used to build and verify the integrity of
+ the FIPS module.
+
+ Must be at least 14 characters.
+
config CRYPTO_ALGAPI
tristate
select CRYPTO_ALGAPI2
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index ae2d2359b79e..1881d9b6b3ae 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -707,6 +707,7 @@ defined(CONFIG_AUTOFDO_CLANG) || defined(CONFIG_PROPELLER_CLANG)
KERNEL_CTORS() \
MCOUNT_REC() \
*(.init.rodata .init.rodata.*) \
+ BOUNDED_SECTION(__crypto_api_keys) \
FTRACE_EVENTS() \
TRACE_SYSCALLS() \
KPROBE_BLACKLIST() \
diff --git a/include/crypto/api.h b/include/crypto/api.h
new file mode 100644
index 000000000000..cda29e71ebef
--- /dev/null
+++ b/include/crypto/api.h
@@ -0,0 +1,154 @@
+#ifndef _CRYPTO_API_H
+#define _CRYPTO_API_H
+
+#include <linux/static_call.h>
+
+#if !defined(CONFIG_CRYPTO_FIPS140_EXTMOD)
+
+#define CRYPTO_API(name) name
+
+/*
+ * These are the definitions that get used when no standalone FIPS module
+ * is used: we simply forward everything to normal functions and function
+ * calls.
+ */
+
+#define DECLARE_CRYPTO_API(name, ret_type, args_decl, args_call) \
+ ret_type name args_decl;
+
+#define DEFINE_CRYPTO_API(name) \
+ EXPORT_SYMBOL_GPL(name)
+
+#define crypto_module_init(fn) module_init(fn)
+#define crypto_module_exit(fn) module_exit(fn)
+
+#define crypto_arch_initcall(fn) arch_initcall(fn)
+#define crypto_subsys_initcall(fn) subsys_initcall(fn)
+#define crypto_late_initcall(fn) late_initcall(fn)
+
+#define CRYPTO_MODULE_DEVICE_TABLE(type, name) MODULE_DEVICE_TABLE(type, name)
+
+#define crypto_module_cpu_feature_match(x, __initfunc) \
+ module_cpu_feature_match(x, __initfunc)
+
+#else
+
+struct crypto_api_key {
+ struct static_call_key *key;
+ void *tramp;
+ void *func;
+};
+
+#ifndef FIPS_MODULE
+
+/*
+ * These are the definitions that get used for vmlinux and in-tree
+ * kernel modules.
+ *
+ * In this case, all references to the kernel crypto API functions will
+ * be replaced by wrappers that perform a call using the kernel's static_call
+ * functionality.
+ */
+
+#define CRYPTO_API(name) nonfips_##name
+
+/* Consolidated version of different DECLARE_CRYPTO_API versions */
+#define DECLARE_CRYPTO_API(name, ret_type, args_decl, args_call) \
+ ret_type nonfips_##name args_decl; \
+ DECLARE_STATIC_CALL(crypto_##name##_key, nonfips_##name); \
+ static inline ret_type name args_decl \
+ { \
+ return static_call(crypto_##name##_key) args_call; \
+ }
+
+#define DEFINE_CRYPTO_API(name) \
+ DEFINE_STATIC_CALL(crypto_##name##_key, nonfips_##name); \
+ EXPORT_STATIC_CALL(crypto_##name##_key)
+
+#define DEFINE_CRYPTO_API_STUB(name) \
+ DEFINE_STATIC_CALL_NULL(crypto_##name##_key, name); \
+ EXPORT_STATIC_CALL(crypto_##name##_key)
+
+#define crypto_module_init(fn) module_init(fn)
+#define crypto_module_exit(fn) module_exit(fn)
+
+#define crypto_arch_initcall(fn) arch_initcall(fn)
+#define crypto_subsys_initcall(fn) subsys_initcall(fn)
+#define crypto_late_initcall(fn) late_initcall(fn)
+
+#define CRYPTO_MODULE_DEVICE_TABLE(type, name) MODULE_DEVICE_TABLE(type, name)
+
+#define crypto_module_cpu_feature_match(x, __initfunc) \
+ module_cpu_feature_match(x, __initfunc)
+
+#else /* defined(FIPS_MODULE) */
+
+/*
+ * These are the definitions that get used for the FIPS module and
+ * its kernel modules.
+ *
+ * In this case, all crypto API functions resolve directly to their
+ * implementations, since they are all part of the FIPS module.
+ *
+ * We still need to declare the static call keys so we can update
+ * them when the FIPS modules have all been loaded.
+ */
+
+#define CRYPTO_API(name) fips_##name
+
+/* Consolidated version of different DECLARE_CRYPTO_API versions */
+#define DECLARE_CRYPTO_API(name, ret_type, args_decl, args_call) \
+ ret_type fips_##name args_decl; \
+ DECLARE_STATIC_CALL(crypto_##name##_key, fips_##name); \
+ static inline ret_type name args_decl \
+ { \
+ return fips_##name args_call; \
+ }
+
+/*
+ * Create an entry for the static call key so we can initialize it
+ * in the FIPS module.
+ */
+// TODO: make this const initdata, probably
+#define DEFINE_CRYPTO_API(name) \
+ EXPORT_SYMBOL_GPL(fips_##name); \
+ static struct crypto_api_key __##name##_key \
+ __used \
+ __section("__crypto_api_keys") \
+ __aligned(__alignof__(struct crypto_api_key)) = \
+ { \
+ .key = &STATIC_CALL_KEY(crypto_##name##_key), \
+ .tramp = STATIC_CALL_TRAMP_ADDR(crypto_##name##_key), \
+ .func = &fips_##name, \
+ };
+
+#define crypto_module_init(fn) \
+ static unsigned long __used __section(".fips_initcall") \
+ __fips_##fn = (unsigned long) &fn;
+#define crypto_module_exit(fn) \
+ static unsigned long __used __section(".fips_exitcall") \
+ __fips_##fn = (unsigned long) &fn;
+
+#define crypto_arch_initcall(fn) crypto_module_init(fn)
+#define crypto_subsys_initcall(fn) crypto_module_init(fn)
+#define crypto_late_initcall(fn) crypto_module_init(fn)
+
+/*
+ * We don't need to emit device tables or module aliases for the FIPS module,
+ * since it will all be loaded at once anyway.
+ */
+#define CRYPTO_MODULE_DEVICE_TABLE(type, name)
+
+#define crypto_module_cpu_feature_match(x, __initfunc) \
+static int __init cpu_feature_match_ ## x ## _init(void) \
+{ \
+ if (!cpu_have_feature(cpu_feature(x))) \
+ return -ENODEV; \
+ return __initfunc(); \
+} \
+crypto_module_init(cpu_feature_match_ ## x ## _init)
+
+#endif /* defined(FIPS_MODULE) */
+#endif /* defined(CONFIG_CRYPTO_FIPS140_EXTMOD) */
+
+#endif /* !_CRYPTO_API_H */
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 12ce4bad29ca..19a03c8659e2 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -7,6 +7,7 @@
#define INCLUDE_VERMAGIC
+#include <crypto/api.h>
#include <linux/export.h>
#include <linux/extable.h>
#include <linux/moduleloader.h>
@@ -2956,6 +2957,24 @@ static int post_relocation(struct module *mod, const struct load_info *info)
return module_finalize(info->hdr, info->sechdrs, mod);
}
+static void do_crypto_api(struct load_info *info)
+{
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+ struct crypto_api_key *crypto_api_keys;
+ unsigned int num_crypto_api_keys;
+
+ unsigned int i;
+
+ crypto_api_keys = section_objs(info, "__crypto_api_keys",
+ sizeof(*crypto_api_keys), &num_crypto_api_keys);
+
+ for (i = 0; i < num_crypto_api_keys; ++i) {
+ struct crypto_api_key *key = &crypto_api_keys[i];
+ __static_call_update(key->key, key->tramp, key->func);
+ }
+#endif
+}
+
/* Call module constructors. */
static void do_mod_ctors(struct module *mod)
{
@@ -3010,7 +3029,7 @@ module_param(async_probe, bool, 0644);
* Keep it uninlined to provide a reliable breakpoint target, e.g. for the gdb
* helper command 'lx-symbols'.
*/
-static noinline int do_init_module(struct module *mod, int flags)
+static noinline int do_init_module(struct load_info *info, struct module *mod, int flags)
{
int ret = 0;
struct mod_initfree *freeinit;
@@ -3036,6 +3055,9 @@ static noinline int do_init_module(struct module *mod, int flags)
freeinit->init_data = mod->mem[MOD_INIT_DATA].base;
freeinit->init_rodata = mod->mem[MOD_INIT_RODATA].base;
+ if (flags & MODULE_INIT_MEM)
+ do_crypto_api(info);
+
do_mod_ctors(mod);
/* Start the module */
if (mod->init != NULL)
@@ -3498,7 +3520,7 @@ static int _load_module(struct load_info *info, const char __user *uargs,
/* Done! */
trace_module_load(mod);
- return do_init_module(mod, flags);
+ return do_init_module(info, mod, flags);
sysfs_cleanup:
mod_sysfs_teardown(mod);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 021/104] crypto: fips140: include crypto/api.h in a few places
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (19 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 020/104] module: add a mechanism for pluggable crypto APIs Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 022/104] crypto: fips140: convert lib/crypto/aes.c to using crypto API wrappers Vegard Nossum
` (83 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
This is preparatory for the subsequent patches which mostly manage to
add in the necessary includes automatically but will miss these files.
I could have chosen to squash this into those commits, but it's nicer
not to mix manual changes with scripted changes.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_key_type.c | 1 +
include/crypto/dh.h | 2 ++
include/crypto/ecdh.h | 2 ++
3 files changed, 5 insertions(+)
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index b930d3bbf1af..e71be8b5b0f2 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -6,6 +6,7 @@
*/
#define pr_fmt(fmt) "PKCS7key: "fmt
+#include <crypto/api.h>
#include <linux/key.h>
#include <linux/err.h>
#include <linux/module.h>
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index 7b863e911cb4..b5891c21cfe0 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -8,6 +8,8 @@
#ifndef _CRYPTO_DH_
#define _CRYPTO_DH_
+#include <crypto/api.h>
+
/**
* DOC: DH Helper Functions
*
diff --git a/include/crypto/ecdh.h b/include/crypto/ecdh.h
index 9784ecdd2fb4..aa09f880c0d3 100644
--- a/include/crypto/ecdh.h
+++ b/include/crypto/ecdh.h
@@ -8,6 +8,8 @@
#ifndef _CRYPTO_ECDH_
#define _CRYPTO_ECDH_
+#include <crypto/api.h>
+
/**
* DOC: ECDH Helper Functions
*
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 022/104] crypto: fips140: convert lib/crypto/aes.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (20 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 021/104] crypto: fips140: include crypto/api.h in a few places Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 023/104] crypto: fips140: convert lib/crypto/aesgcm.c " Vegard Nossum
` (82 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_LIB_AES --source lib/crypto/aes.c --header include/crypto/aes.h --vars crypto_aes_sbox crypto_aes_inv_sbox
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 21 +++++++++++++++++++++
include/crypto/aes.h | 14 ++++++++++----
lib/crypto/aes.c | 12 ++++++------
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 crypto/fips140-api.c
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
new file mode 100644
index 000000000000..029d06763f5a
--- /dev/null
+++ b/crypto/fips140-api.c
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+/*
+ * Define static call keys for any functions which are part of the crypto
+ * API and used by the standalone FIPS module but which are not built into
+ * vmlinux.
+ */
+
+/*
+ * lib/crypto/aes.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_LIB_AES)
+
+#include <crypto/aes.h>
+
+DEFINE_CRYPTO_API_STUB(aes_expandkey);
+DEFINE_CRYPTO_API_STUB(aes_encrypt);
+DEFINE_CRYPTO_API_STUB(aes_decrypt);
+
+#endif
+
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 9339da7c20a8..a72621f552d8 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -6,6 +6,7 @@
#ifndef _CRYPTO_AES_H
#define _CRYPTO_AES_H
+#include <crypto/api.h>
#include <linux/types.h>
#include <linux/crypto.h>
@@ -65,8 +66,9 @@ int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
* described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is
* for the initial combination, the second slot for the first round and so on.
*/
-int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
- unsigned int key_len);
+DECLARE_CRYPTO_API(aes_expandkey, int,
+ (struct crypto_aes_ctx *ctx, const u8 *in_key, unsigned int key_len),
+ (ctx, in_key, key_len));
/**
* aes_encrypt - Encrypt a single AES block
@@ -74,7 +76,9 @@ int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
* @out: Buffer to store the ciphertext
* @in: Buffer containing the plaintext
*/
-void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in);
+DECLARE_CRYPTO_API(aes_encrypt, void,
+ (const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in),
+ (ctx, out, in));
/**
* aes_decrypt - Decrypt a single AES block
@@ -82,7 +86,9 @@ void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in);
* @out: Buffer to store the plaintext
* @in: Buffer containing the ciphertext
*/
-void aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in);
+DECLARE_CRYPTO_API(aes_decrypt, void,
+ (const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in),
+ (ctx, out, in));
extern const u8 crypto_aes_sbox[];
extern const u8 crypto_aes_inv_sbox[];
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index b57fda3460f1..ece5ce36a305 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -183,7 +183,7 @@ static u32 subw(u32 in)
* described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is
* for the initial combination, the second slot for the first round and so on.
*/
-int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
+int CRYPTO_API(aes_expandkey)(struct crypto_aes_ctx *ctx, const u8 *in_key,
unsigned int key_len)
{
u32 kwords = key_len / sizeof(u32);
@@ -248,7 +248,7 @@ int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
return 0;
}
-EXPORT_SYMBOL(aes_expandkey);
+DEFINE_CRYPTO_API(aes_expandkey);
/**
* aes_encrypt - Encrypt a single AES block
@@ -256,7 +256,7 @@ EXPORT_SYMBOL(aes_expandkey);
* @out: Buffer to store the ciphertext
* @in: Buffer containing the plaintext
*/
-void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
+void CRYPTO_API(aes_encrypt)(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
{
const u32 *rkp = ctx->key_enc + 4;
int rounds = 6 + ctx->key_length / 4;
@@ -299,7 +299,7 @@ void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8);
put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12);
}
-EXPORT_SYMBOL(aes_encrypt);
+DEFINE_CRYPTO_API(aes_encrypt);
/**
* aes_decrypt - Decrypt a single AES block
@@ -307,7 +307,7 @@ EXPORT_SYMBOL(aes_encrypt);
* @out: Buffer to store the plaintext
* @in: Buffer containing the ciphertext
*/
-void aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
+void CRYPTO_API(aes_decrypt)(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
{
const u32 *rkp = ctx->key_dec + 4;
int rounds = 6 + ctx->key_length / 4;
@@ -350,7 +350,7 @@ void aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8);
put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12);
}
-EXPORT_SYMBOL(aes_decrypt);
+DEFINE_CRYPTO_API(aes_decrypt);
MODULE_DESCRIPTION("Generic AES library");
MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 023/104] crypto: fips140: convert lib/crypto/aesgcm.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (21 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 022/104] crypto: fips140: convert lib/crypto/aes.c to using crypto API wrappers Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 024/104] crypto: fips140: convert lib/crypto/gf128mul.c " Vegard Nossum
` (81 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_LIB_AESGCM --source lib/crypto/aesgcm.c --header include/crypto/gcm.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/gcm.h | 19 ++++++++++---------
lib/crypto/aesgcm.c | 16 ++++++++--------
3 files changed, 31 insertions(+), 17 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 029d06763f5a..4924b11ec592 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -19,3 +19,16 @@ DEFINE_CRYPTO_API_STUB(aes_decrypt);
#endif
+/*
+ * lib/crypto/aesgcm.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_LIB_AESGCM)
+
+#include <crypto/gcm.h>
+
+DEFINE_CRYPTO_API_STUB(aesgcm_expandkey);
+DEFINE_CRYPTO_API_STUB(aesgcm_encrypt);
+DEFINE_CRYPTO_API_STUB(aesgcm_decrypt);
+
+#endif
+
diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h
index fd9df607a836..7275507b3689 100644
--- a/include/crypto/gcm.h
+++ b/include/crypto/gcm.h
@@ -1,6 +1,7 @@
#ifndef _CRYPTO_GCM_H
#define _CRYPTO_GCM_H
+#include <crypto/api.h>
#include <linux/errno.h>
#include <crypto/aes.h>
@@ -70,16 +71,16 @@ struct aesgcm_ctx {
unsigned int authsize;
};
-int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key,
- unsigned int keysize, unsigned int authsize);
+DECLARE_CRYPTO_API(aesgcm_expandkey, int,
+ (struct aesgcm_ctx *ctx, const u8 *key, unsigned int keysize, unsigned int authsize),
+ (ctx, key, keysize, authsize));
-void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
- int crypt_len, const u8 *assoc, int assoc_len,
- const u8 iv[GCM_AES_IV_SIZE], u8 *authtag);
+DECLARE_CRYPTO_API(aesgcm_encrypt, void,
+ (const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src, int crypt_len, const u8 *assoc, int assoc_len, const u8 iv[GCM_AES_IV_SIZE], u8 *authtag),
+ (ctx, dst, src, crypt_len, assoc, assoc_len, iv, authtag));
-bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst,
- const u8 *src, int crypt_len, const u8 *assoc,
- int assoc_len, const u8 iv[GCM_AES_IV_SIZE],
- const u8 *authtag);
+DECLARE_CRYPTO_API(aesgcm_decrypt, bool __must_check,
+ (const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src, int crypt_len, const u8 *assoc, int assoc_len, const u8 iv[GCM_AES_IV_SIZE], const u8 *authtag),
+ (ctx, dst, src, crypt_len, assoc, assoc_len, iv, authtag));
#endif
diff --git a/lib/crypto/aesgcm.c b/lib/crypto/aesgcm.c
index ac0b2fcfd606..1fe4333c0335 100644
--- a/lib/crypto/aesgcm.c
+++ b/lib/crypto/aesgcm.c
@@ -42,7 +42,7 @@ static void aesgcm_encrypt_block(const struct crypto_aes_ctx *ctx, void *dst,
* Returns: 0 on success, or -EINVAL if @keysize or @authsize contain values
* that are not permitted by the GCM specification.
*/
-int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key,
+int CRYPTO_API(aesgcm_expandkey)(struct aesgcm_ctx *ctx, const u8 *key,
unsigned int keysize, unsigned int authsize)
{
u8 kin[AES_BLOCK_SIZE] = {};
@@ -58,7 +58,7 @@ int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key,
return 0;
}
-EXPORT_SYMBOL(aesgcm_expandkey);
+DEFINE_CRYPTO_API(aesgcm_expandkey);
static void aesgcm_ghash(be128 *ghash, const be128 *key, const void *src,
int len)
@@ -144,7 +144,7 @@ static void aesgcm_crypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
* tag should be stored. The buffer is assumed to have space for
* @ctx->authsize bytes.
*/
-void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
+void CRYPTO_API(aesgcm_encrypt)(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
int crypt_len, const u8 *assoc, int assoc_len,
const u8 iv[GCM_AES_IV_SIZE], u8 *authtag)
{
@@ -155,7 +155,7 @@ void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
aesgcm_crypt(ctx, dst, src, crypt_len, ctr);
aesgcm_mac(ctx, dst, crypt_len, assoc, assoc_len, ctr, authtag);
}
-EXPORT_SYMBOL(aesgcm_encrypt);
+DEFINE_CRYPTO_API(aesgcm_encrypt);
/**
* aesgcm_decrypt - Perform AES-GCM decryption on a block of data
@@ -174,7 +174,7 @@ EXPORT_SYMBOL(aesgcm_encrypt);
* Returns: true on success, or false if the ciphertext failed authentication.
* On failure, no plaintext will be returned.
*/
-bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst,
+bool __must_check CRYPTO_API(aesgcm_decrypt)(const struct aesgcm_ctx *ctx, u8 *dst,
const u8 *src, int crypt_len, const u8 *assoc,
int assoc_len, const u8 iv[GCM_AES_IV_SIZE],
const u8 *authtag)
@@ -192,7 +192,7 @@ bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst,
aesgcm_crypt(ctx, dst, src, crypt_len, ctr);
return true;
}
-EXPORT_SYMBOL(aesgcm_decrypt);
+DEFINE_CRYPTO_API(aesgcm_decrypt);
MODULE_DESCRIPTION("Generic AES-GCM library");
MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>");
@@ -730,10 +730,10 @@ static int __init libaesgcm_init(void)
}
return 0;
}
-module_init(libaesgcm_init);
+crypto_module_init(libaesgcm_init);
static void __exit libaesgcm_exit(void)
{
}
-module_exit(libaesgcm_exit);
+crypto_module_exit(libaesgcm_exit);
#endif
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 024/104] crypto: fips140: convert lib/crypto/gf128mul.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (22 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 023/104] crypto: fips140: convert lib/crypto/aesgcm.c " Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 025/104] crypto: fips140: convert lib/crypto/memneq.c " Vegard Nossum
` (80 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_LIB_GF128MUL --source lib/crypto/gf128mul.c --header include/crypto/gf128mul.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 17 +++++++++++++++++
include/crypto/gf128mul.h | 29 ++++++++++++++++++++++-------
lib/crypto/gf128mul.c | 28 ++++++++++++++--------------
3 files changed, 53 insertions(+), 21 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 4924b11ec592..6c29b46631e4 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -32,3 +32,20 @@ DEFINE_CRYPTO_API_STUB(aesgcm_decrypt);
#endif
+/*
+ * lib/crypto/gf128mul.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_LIB_GF128MUL)
+
+#include <crypto/gf128mul.h>
+
+DEFINE_CRYPTO_API_STUB(gf128mul_lle);
+DEFINE_CRYPTO_API_STUB(gf128mul_init_4k_lle);
+DEFINE_CRYPTO_API_STUB(gf128mul_4k_lle);
+DEFINE_CRYPTO_API_STUB(gf128mul_x8_ble);
+DEFINE_CRYPTO_API_STUB(gf128mul_init_64k_bbe);
+DEFINE_CRYPTO_API_STUB(gf128mul_free_64k);
+DEFINE_CRYPTO_API_STUB(gf128mul_64k_bbe);
+
+#endif
+
diff --git a/include/crypto/gf128mul.h b/include/crypto/gf128mul.h
index b0853f7cada0..9367a2234fc4 100644
--- a/include/crypto/gf128mul.h
+++ b/include/crypto/gf128mul.h
@@ -49,6 +49,7 @@
#ifndef _CRYPTO_GF128MUL_H
#define _CRYPTO_GF128MUL_H
+#include <crypto/api.h>
#include <asm/byteorder.h>
#include <crypto/b128ops.h>
#include <linux/slab.h>
@@ -160,7 +161,9 @@
/* A slow generic version of gf_mul, implemented for lle
* It multiplies a and b and puts the result in a */
-void gf128mul_lle(be128 *a, const be128 *b);
+DECLARE_CRYPTO_API(gf128mul_lle, void,
+ (be128 *a, const be128 *b),
+ (a, b));
/*
* The following functions multiply a field element by x in
@@ -221,9 +224,15 @@ struct gf128mul_4k {
be128 t[256];
};
-struct gf128mul_4k *gf128mul_init_4k_lle(const be128 *g);
-void gf128mul_4k_lle(be128 *a, const struct gf128mul_4k *t);
-void gf128mul_x8_ble(le128 *r, const le128 *x);
+DECLARE_CRYPTO_API(gf128mul_init_4k_lle, struct gf128mul_4k *,
+ (const be128 *g),
+ (g));
+DECLARE_CRYPTO_API(gf128mul_4k_lle, void,
+ (be128 *a, const struct gf128mul_4k *t),
+ (a, t));
+DECLARE_CRYPTO_API(gf128mul_x8_ble, void,
+ (le128 *r, const le128 *x),
+ (r, x));
static inline void gf128mul_free_4k(struct gf128mul_4k *t)
{
kfree_sensitive(t);
@@ -241,8 +250,14 @@ struct gf128mul_64k {
* factor in the first argument, and the table in the second.
* Afterwards, the result is stored in *a.
*/
-struct gf128mul_64k *gf128mul_init_64k_bbe(const be128 *g);
-void gf128mul_free_64k(struct gf128mul_64k *t);
-void gf128mul_64k_bbe(be128 *a, const struct gf128mul_64k *t);
+DECLARE_CRYPTO_API(gf128mul_init_64k_bbe, struct gf128mul_64k *,
+ (const be128 *g),
+ (g));
+DECLARE_CRYPTO_API(gf128mul_free_64k, void,
+ (struct gf128mul_64k *t),
+ (t));
+DECLARE_CRYPTO_API(gf128mul_64k_bbe, void,
+ (be128 *a, const struct gf128mul_64k *t),
+ (a, t));
#endif /* _CRYPTO_GF128MUL_H */
diff --git a/lib/crypto/gf128mul.c b/lib/crypto/gf128mul.c
index 2a34590fe3f1..15698c82f0d8 100644
--- a/lib/crypto/gf128mul.c
+++ b/lib/crypto/gf128mul.c
@@ -168,7 +168,7 @@ static void gf128mul_x8_bbe(be128 *x)
x->b = cpu_to_be64((b << 8) ^ _tt);
}
-void gf128mul_x8_ble(le128 *r, const le128 *x)
+void CRYPTO_API(gf128mul_x8_ble)(le128 *r, const le128 *x)
{
u64 a = le64_to_cpu(x->a);
u64 b = le64_to_cpu(x->b);
@@ -177,9 +177,9 @@ void gf128mul_x8_ble(le128 *r, const le128 *x)
r->a = cpu_to_le64((a << 8) | (b >> 56));
r->b = cpu_to_le64((b << 8) ^ _tt);
}
-EXPORT_SYMBOL(gf128mul_x8_ble);
+DEFINE_CRYPTO_API(gf128mul_x8_ble);
-void gf128mul_lle(be128 *r, const be128 *b)
+void CRYPTO_API(gf128mul_lle)(be128 *r, const be128 *b)
{
/*
* The p array should be aligned to twice the size of its element type,
@@ -224,7 +224,7 @@ void gf128mul_lle(be128 *r, const be128 *b)
gf128mul_x8_lle_ti(r); /* use the time invariant version */
}
}
-EXPORT_SYMBOL(gf128mul_lle);
+DEFINE_CRYPTO_API(gf128mul_lle);
/* This version uses 64k bytes of table space.
A 16 byte buffer has to be multiplied by a 16 byte key
@@ -240,7 +240,7 @@ EXPORT_SYMBOL(gf128mul_lle);
* t[1][BYTE] contains g*x^8*BYTE
* ..
* t[15][BYTE] contains g*x^120*BYTE */
-struct gf128mul_64k *gf128mul_init_64k_bbe(const be128 *g)
+struct gf128mul_64k *CRYPTO_API(gf128mul_init_64k_bbe)(const be128 *g)
{
struct gf128mul_64k *t;
int i, j, k;
@@ -280,9 +280,9 @@ struct gf128mul_64k *gf128mul_init_64k_bbe(const be128 *g)
out:
return t;
}
-EXPORT_SYMBOL(gf128mul_init_64k_bbe);
+DEFINE_CRYPTO_API(gf128mul_init_64k_bbe);
-void gf128mul_free_64k(struct gf128mul_64k *t)
+void CRYPTO_API(gf128mul_free_64k)(struct gf128mul_64k *t)
{
int i;
@@ -290,9 +290,9 @@ void gf128mul_free_64k(struct gf128mul_64k *t)
kfree_sensitive(t->t[i]);
kfree_sensitive(t);
}
-EXPORT_SYMBOL(gf128mul_free_64k);
+DEFINE_CRYPTO_API(gf128mul_free_64k);
-void gf128mul_64k_bbe(be128 *a, const struct gf128mul_64k *t)
+void CRYPTO_API(gf128mul_64k_bbe)(be128 *a, const struct gf128mul_64k *t)
{
u8 *ap = (u8 *)a;
be128 r[1];
@@ -303,7 +303,7 @@ void gf128mul_64k_bbe(be128 *a, const struct gf128mul_64k *t)
be128_xor(r, r, &t->t[i]->t[ap[15 - i]]);
*a = *r;
}
-EXPORT_SYMBOL(gf128mul_64k_bbe);
+DEFINE_CRYPTO_API(gf128mul_64k_bbe);
/* This version uses 4k bytes of table space.
A 16 byte buffer has to be multiplied by a 16 byte key
@@ -321,7 +321,7 @@ EXPORT_SYMBOL(gf128mul_64k_bbe);
lower byte in the buffer, stopping when we reach the
lowest byte. This requires a 4096 byte table.
*/
-struct gf128mul_4k *gf128mul_init_4k_lle(const be128 *g)
+struct gf128mul_4k *CRYPTO_API(gf128mul_init_4k_lle)(const be128 *g)
{
struct gf128mul_4k *t;
int j, k;
@@ -341,9 +341,9 @@ struct gf128mul_4k *gf128mul_init_4k_lle(const be128 *g)
out:
return t;
}
-EXPORT_SYMBOL(gf128mul_init_4k_lle);
+DEFINE_CRYPTO_API(gf128mul_init_4k_lle);
-void gf128mul_4k_lle(be128 *a, const struct gf128mul_4k *t)
+void CRYPTO_API(gf128mul_4k_lle)(be128 *a, const struct gf128mul_4k *t)
{
u8 *ap = (u8 *)a;
be128 r[1];
@@ -356,7 +356,7 @@ void gf128mul_4k_lle(be128 *a, const struct gf128mul_4k *t)
}
*a = *r;
}
-EXPORT_SYMBOL(gf128mul_4k_lle);
+DEFINE_CRYPTO_API(gf128mul_4k_lle);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Functions for multiplying elements of GF(2^128)");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 025/104] crypto: fips140: convert lib/crypto/memneq.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (23 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 024/104] crypto: fips140: convert lib/crypto/gf128mul.c " Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c " Vegard Nossum
` (79 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_LIB_UTILS --source lib/crypto/memneq.c --header include/crypto/utils.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 11 +++++++++++
include/crypto/utils.h | 5 ++++-
lib/crypto/memneq.c | 4 ++--
3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 6c29b46631e4..16d0d8afebe7 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -49,3 +49,14 @@ DEFINE_CRYPTO_API_STUB(gf128mul_64k_bbe);
#endif
+/*
+ * lib/crypto/memneq.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_LIB_UTILS)
+
+#include <crypto/utils.h>
+
+DEFINE_CRYPTO_API_STUB(__crypto_memneq);
+
+#endif
+
diff --git a/include/crypto/utils.h b/include/crypto/utils.h
index 2594f45777b5..d7c3dae79138 100644
--- a/include/crypto/utils.h
+++ b/include/crypto/utils.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_UTILS_H
#define _CRYPTO_UTILS_H
+#include <crypto/api.h>
#include <linux/unaligned.h>
#include <linux/compiler_attributes.h>
#include <linux/types.h>
@@ -53,7 +54,9 @@ static inline void crypto_xor_cpy(u8 *dst, const u8 *src1, const u8 *src2,
}
}
-noinline unsigned long __crypto_memneq(const void *a, const void *b, size_t size);
+DECLARE_CRYPTO_API(__crypto_memneq, unsigned long,
+ (const void *a, const void *b, size_t size),
+ (a, b, size));
/**
* crypto_memneq - Compare two areas of memory without leaking
diff --git a/lib/crypto/memneq.c b/lib/crypto/memneq.c
index 44daacb8cb51..2ee1d7d71d49 100644
--- a/lib/crypto/memneq.c
+++ b/lib/crypto/memneq.c
@@ -161,7 +161,7 @@ static inline unsigned long __crypto_memneq_16(const void *a, const void *b)
* not call this function directly, but should instead use
* crypto_memneq defined in crypto/algapi.h.
*/
-noinline unsigned long __crypto_memneq(const void *a, const void *b,
+unsigned long CRYPTO_API(__crypto_memneq)(const void *a, const void *b,
size_t size)
{
switch (size) {
@@ -171,4 +171,4 @@ noinline unsigned long __crypto_memneq(const void *a, const void *b,
return __crypto_memneq_generic(a, b, size);
}
}
-EXPORT_SYMBOL(__crypto_memneq);
+DEFINE_CRYPTO_API(__crypto_memneq);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (24 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 025/104] crypto: fips140: convert lib/crypto/memneq.c " Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 21:29 ` Eric Biggers
2025-09-04 15:50 ` [PATCH RFC 027/104] crypto: fips140: convert lib/crypto/sha512.c " Vegard Nossum
` (78 subsequent siblings)
104 siblings, 1 reply; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_LIB_SHA256 --source lib/crypto/sha256.c --header include/crypto/sha2.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 28 +++++++++++++++
include/crypto/sha2.h | 84 ++++++++++++++++++++++++++++---------------
lib/crypto/sha256.c | 76 +++++++++++++++++++--------------------
3 files changed, 121 insertions(+), 67 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 16d0d8afebe7..3b1677049c55 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -60,3 +60,31 @@ DEFINE_CRYPTO_API_STUB(__crypto_memneq);
#endif
+/*
+ * lib/crypto/sha256.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_LIB_SHA256)
+
+#include <crypto/sha2.h>
+
+DEFINE_CRYPTO_API_STUB(__sha256_update);
+DEFINE_CRYPTO_API_STUB(__hmac_sha256_init);
+DEFINE_CRYPTO_API_STUB(sha224_init);
+DEFINE_CRYPTO_API_STUB(sha224_final);
+DEFINE_CRYPTO_API_STUB(sha224);
+DEFINE_CRYPTO_API_STUB(hmac_sha224_preparekey);
+DEFINE_CRYPTO_API_STUB(hmac_sha224_init_usingrawkey);
+DEFINE_CRYPTO_API_STUB(hmac_sha224_final);
+DEFINE_CRYPTO_API_STUB(hmac_sha224);
+DEFINE_CRYPTO_API_STUB(hmac_sha224_usingrawkey);
+DEFINE_CRYPTO_API_STUB(sha256_init);
+DEFINE_CRYPTO_API_STUB(sha256_final);
+DEFINE_CRYPTO_API_STUB(sha256);
+DEFINE_CRYPTO_API_STUB(hmac_sha256_preparekey);
+DEFINE_CRYPTO_API_STUB(hmac_sha256_init_usingrawkey);
+DEFINE_CRYPTO_API_STUB(hmac_sha256_final);
+DEFINE_CRYPTO_API_STUB(hmac_sha256);
+DEFINE_CRYPTO_API_STUB(hmac_sha256_usingrawkey);
+
+#endif
+
diff --git a/include/crypto/sha2.h b/include/crypto/sha2.h
index 15e461e568cc..9fafcd99e9ce 100644
--- a/include/crypto/sha2.h
+++ b/include/crypto/sha2.h
@@ -6,6 +6,7 @@
#ifndef _CRYPTO_SHA2_H
#define _CRYPTO_SHA2_H
+#include <crypto/api.h>
#include <linux/types.h>
#define SHA224_DIGEST_SIZE 28
@@ -129,7 +130,9 @@ struct __sha256_ctx {
u64 bytecount;
u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64));
};
-void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len);
+DECLARE_CRYPTO_API(__sha256_update, void,
+ (struct __sha256_ctx *ctx, const u8 *data, size_t len),
+ (ctx, data, len));
/*
* HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256.
@@ -144,8 +147,9 @@ struct __hmac_sha256_ctx {
struct __sha256_ctx sha_ctx;
struct sha256_block_state ostate;
};
-void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx,
- const struct __hmac_sha256_key *key);
+DECLARE_CRYPTO_API(__hmac_sha256_init, void,
+ (struct __hmac_sha256_ctx *ctx, const struct __hmac_sha256_key *key),
+ (ctx, key));
/**
* struct sha224_ctx - Context for hashing a message with SHA-224
@@ -163,7 +167,9 @@ struct sha224_ctx {
*
* Context: Any context.
*/
-void sha224_init(struct sha224_ctx *ctx);
+DECLARE_CRYPTO_API(sha224_init, void,
+ (struct sha224_ctx *ctx),
+ (ctx));
/**
* sha224_update() - Update a SHA-224 context with message data
@@ -190,7 +196,9 @@ static inline void sha224_update(struct sha224_ctx *ctx,
*
* Context: Any context.
*/
-void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha224_final, void,
+ (struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]),
+ (ctx, out));
/**
* sha224() - Compute SHA-224 message digest in one shot
@@ -200,7 +208,9 @@ void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha224, void,
+ (const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]),
+ (data, len, out));
/**
* struct hmac_sha224_key - Prepared key for HMAC-SHA224
@@ -229,8 +239,9 @@ struct hmac_sha224_ctx {
*
* Context: Any context.
*/
-void hmac_sha224_preparekey(struct hmac_sha224_key *key,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha224_preparekey, void,
+ (struct hmac_sha224_key *key, const u8 *raw_key, size_t raw_key_len),
+ (key, raw_key, raw_key_len));
/**
* hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message
@@ -259,8 +270,9 @@ static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha224_init_usingrawkey, void,
+ (struct hmac_sha224_ctx *ctx, const u8 *raw_key, size_t raw_key_len),
+ (ctx, raw_key, raw_key_len));
/**
* hmac_sha224_update() - Update an HMAC-SHA224 context with message data
@@ -287,7 +299,9 @@ static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha224_final, void,
+ (struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]),
+ (ctx, out));
/**
* hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key
@@ -300,8 +314,9 @@ void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void hmac_sha224(const struct hmac_sha224_key *key,
- const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha224, void,
+ (const struct hmac_sha224_key *key, const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]),
+ (key, data, data_len, out));
/**
* hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key
@@ -316,9 +331,9 @@ void hmac_sha224(const struct hmac_sha224_key *key,
*
* Context: Any context.
*/
-void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len,
- const u8 *data, size_t data_len,
- u8 out[SHA224_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha224_usingrawkey, void,
+ (const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]),
+ (raw_key, raw_key_len, data, data_len, out));
/**
* struct sha256_ctx - Context for hashing a message with SHA-256
@@ -336,7 +351,9 @@ struct sha256_ctx {
*
* Context: Any context.
*/
-void sha256_init(struct sha256_ctx *ctx);
+DECLARE_CRYPTO_API(sha256_init, void,
+ (struct sha256_ctx *ctx),
+ (ctx));
/**
* sha256_update() - Update a SHA-256 context with message data
@@ -363,7 +380,9 @@ static inline void sha256_update(struct sha256_ctx *ctx,
*
* Context: Any context.
*/
-void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha256_final, void,
+ (struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]),
+ (ctx, out));
/**
* sha256() - Compute SHA-256 message digest in one shot
@@ -373,7 +392,9 @@ void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha256, void,
+ (const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]),
+ (data, len, out));
/**
* struct hmac_sha256_key - Prepared key for HMAC-SHA256
@@ -402,8 +423,9 @@ struct hmac_sha256_ctx {
*
* Context: Any context.
*/
-void hmac_sha256_preparekey(struct hmac_sha256_key *key,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha256_preparekey, void,
+ (struct hmac_sha256_key *key, const u8 *raw_key, size_t raw_key_len),
+ (key, raw_key, raw_key_len));
/**
* hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message
@@ -432,8 +454,9 @@ static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha256_init_usingrawkey, void,
+ (struct hmac_sha256_ctx *ctx, const u8 *raw_key, size_t raw_key_len),
+ (ctx, raw_key, raw_key_len));
/**
* hmac_sha256_update() - Update an HMAC-SHA256 context with message data
@@ -460,7 +483,9 @@ static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha256_final, void,
+ (struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]),
+ (ctx, out));
/**
* hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key
@@ -473,8 +498,9 @@ void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void hmac_sha256(const struct hmac_sha256_key *key,
- const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha256, void,
+ (const struct hmac_sha256_key *key, const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]),
+ (key, data, data_len, out));
/**
* hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key
@@ -489,9 +515,9 @@ void hmac_sha256(const struct hmac_sha256_key *key,
*
* Context: Any context.
*/
-void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len,
- const u8 *data, size_t data_len,
- u8 out[SHA256_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha256_usingrawkey, void,
+ (const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]),
+ (raw_key, raw_key_len, data, data_len, out));
/* State for the SHA-512 (and SHA-384) compression function */
struct sha512_block_state {
diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c
index 8fa15165d23e..36a9f2bf77e2 100644
--- a/lib/crypto/sha256.c
+++ b/lib/crypto/sha256.c
@@ -162,19 +162,19 @@ static void __sha256_init(struct __sha256_ctx *ctx,
ctx->bytecount = initial_bytecount;
}
-void sha224_init(struct sha224_ctx *ctx)
+void CRYPTO_API(sha224_init)(struct sha224_ctx *ctx)
{
__sha256_init(&ctx->ctx, &sha224_iv, 0);
}
-EXPORT_SYMBOL_GPL(sha224_init);
+DEFINE_CRYPTO_API(sha224_init);
-void sha256_init(struct sha256_ctx *ctx)
+void CRYPTO_API(sha256_init)(struct sha256_ctx *ctx)
{
__sha256_init(&ctx->ctx, &sha256_iv, 0);
}
-EXPORT_SYMBOL_GPL(sha256_init);
+DEFINE_CRYPTO_API(sha256_init);
-void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len)
+void CRYPTO_API(__sha256_update)(struct __sha256_ctx *ctx, const u8 *data, size_t len)
{
size_t partial = ctx->bytecount % SHA256_BLOCK_SIZE;
@@ -205,7 +205,7 @@ void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len)
if (len)
memcpy(&ctx->buf[partial], data, len);
}
-EXPORT_SYMBOL(__sha256_update);
+DEFINE_CRYPTO_API(__sha256_update);
static void __sha256_final(struct __sha256_ctx *ctx,
u8 *out, size_t digest_size)
@@ -227,21 +227,21 @@ static void __sha256_final(struct __sha256_ctx *ctx,
put_unaligned_be32(ctx->state.h[i / 4], out + i);
}
-void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE])
+void CRYPTO_API(sha224_final)(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE])
{
__sha256_final(&ctx->ctx, out, SHA224_DIGEST_SIZE);
memzero_explicit(ctx, sizeof(*ctx));
}
-EXPORT_SYMBOL(sha224_final);
+DEFINE_CRYPTO_API(sha224_final);
-void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE])
+void CRYPTO_API(sha256_final)(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE])
{
__sha256_final(&ctx->ctx, out, SHA256_DIGEST_SIZE);
memzero_explicit(ctx, sizeof(*ctx));
}
-EXPORT_SYMBOL(sha256_final);
+DEFINE_CRYPTO_API(sha256_final);
-void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE])
+void CRYPTO_API(sha224)(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE])
{
struct sha224_ctx ctx;
@@ -249,9 +249,9 @@ void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE])
sha224_update(&ctx, data, len);
sha224_final(&ctx, out);
}
-EXPORT_SYMBOL(sha224);
+DEFINE_CRYPTO_API(sha224);
-void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE])
+void CRYPTO_API(sha256)(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE])
{
struct sha256_ctx ctx;
@@ -259,7 +259,7 @@ void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE])
sha256_update(&ctx, data, len);
sha256_final(&ctx, out);
}
-EXPORT_SYMBOL(sha256);
+DEFINE_CRYPTO_API(sha256);
/* pre-boot environment (as indicated by __DISABLE_EXPORTS) doesn't need HMAC */
#ifndef __DISABLE_EXPORTS
@@ -296,47 +296,47 @@ static void __hmac_sha256_preparekey(struct sha256_block_state *istate,
memzero_explicit(&derived_key, sizeof(derived_key));
}
-void hmac_sha224_preparekey(struct hmac_sha224_key *key,
+void CRYPTO_API(hmac_sha224_preparekey)(struct hmac_sha224_key *key,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha256_preparekey(&key->key.istate, &key->key.ostate,
raw_key, raw_key_len, &sha224_iv);
}
-EXPORT_SYMBOL_GPL(hmac_sha224_preparekey);
+DEFINE_CRYPTO_API(hmac_sha224_preparekey);
-void hmac_sha256_preparekey(struct hmac_sha256_key *key,
+void CRYPTO_API(hmac_sha256_preparekey)(struct hmac_sha256_key *key,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha256_preparekey(&key->key.istate, &key->key.ostate,
raw_key, raw_key_len, &sha256_iv);
}
-EXPORT_SYMBOL_GPL(hmac_sha256_preparekey);
+DEFINE_CRYPTO_API(hmac_sha256_preparekey);
-void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx,
+void CRYPTO_API(__hmac_sha256_init)(struct __hmac_sha256_ctx *ctx,
const struct __hmac_sha256_key *key)
{
__sha256_init(&ctx->sha_ctx, &key->istate, SHA256_BLOCK_SIZE);
ctx->ostate = key->ostate;
}
-EXPORT_SYMBOL_GPL(__hmac_sha256_init);
+DEFINE_CRYPTO_API(__hmac_sha256_init);
-void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx,
+void CRYPTO_API(hmac_sha224_init_usingrawkey)(struct hmac_sha224_ctx *ctx,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha256_preparekey(&ctx->ctx.sha_ctx.state, &ctx->ctx.ostate,
raw_key, raw_key_len, &sha224_iv);
ctx->ctx.sha_ctx.bytecount = SHA256_BLOCK_SIZE;
}
-EXPORT_SYMBOL_GPL(hmac_sha224_init_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha224_init_usingrawkey);
-void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx,
+void CRYPTO_API(hmac_sha256_init_usingrawkey)(struct hmac_sha256_ctx *ctx,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha256_preparekey(&ctx->ctx.sha_ctx.state, &ctx->ctx.ostate,
raw_key, raw_key_len, &sha256_iv);
ctx->ctx.sha_ctx.bytecount = SHA256_BLOCK_SIZE;
}
-EXPORT_SYMBOL_GPL(hmac_sha256_init_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha256_init_usingrawkey);
static void __hmac_sha256_final(struct __hmac_sha256_ctx *ctx,
u8 *out, size_t digest_size)
@@ -357,21 +357,21 @@ static void __hmac_sha256_final(struct __hmac_sha256_ctx *ctx,
memzero_explicit(ctx, sizeof(*ctx));
}
-void hmac_sha224_final(struct hmac_sha224_ctx *ctx,
+void CRYPTO_API(hmac_sha224_final)(struct hmac_sha224_ctx *ctx,
u8 out[SHA224_DIGEST_SIZE])
{
__hmac_sha256_final(&ctx->ctx, out, SHA224_DIGEST_SIZE);
}
-EXPORT_SYMBOL_GPL(hmac_sha224_final);
+DEFINE_CRYPTO_API(hmac_sha224_final);
-void hmac_sha256_final(struct hmac_sha256_ctx *ctx,
+void CRYPTO_API(hmac_sha256_final)(struct hmac_sha256_ctx *ctx,
u8 out[SHA256_DIGEST_SIZE])
{
__hmac_sha256_final(&ctx->ctx, out, SHA256_DIGEST_SIZE);
}
-EXPORT_SYMBOL_GPL(hmac_sha256_final);
+DEFINE_CRYPTO_API(hmac_sha256_final);
-void hmac_sha224(const struct hmac_sha224_key *key,
+void CRYPTO_API(hmac_sha224)(const struct hmac_sha224_key *key,
const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE])
{
struct hmac_sha224_ctx ctx;
@@ -380,9 +380,9 @@ void hmac_sha224(const struct hmac_sha224_key *key,
hmac_sha224_update(&ctx, data, data_len);
hmac_sha224_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha224);
+DEFINE_CRYPTO_API(hmac_sha224);
-void hmac_sha256(const struct hmac_sha256_key *key,
+void CRYPTO_API(hmac_sha256)(const struct hmac_sha256_key *key,
const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE])
{
struct hmac_sha256_ctx ctx;
@@ -391,9 +391,9 @@ void hmac_sha256(const struct hmac_sha256_key *key,
hmac_sha256_update(&ctx, data, data_len);
hmac_sha256_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha256);
+DEFINE_CRYPTO_API(hmac_sha256);
-void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len,
+void CRYPTO_API(hmac_sha224_usingrawkey)(const u8 *raw_key, size_t raw_key_len,
const u8 *data, size_t data_len,
u8 out[SHA224_DIGEST_SIZE])
{
@@ -403,9 +403,9 @@ void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len,
hmac_sha224_update(&ctx, data, data_len);
hmac_sha224_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha224_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha224_usingrawkey);
-void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len,
+void CRYPTO_API(hmac_sha256_usingrawkey)(const u8 *raw_key, size_t raw_key_len,
const u8 *data, size_t data_len,
u8 out[SHA256_DIGEST_SIZE])
{
@@ -415,7 +415,7 @@ void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len,
hmac_sha256_update(&ctx, data, data_len);
hmac_sha256_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha256_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha256_usingrawkey);
#endif /* !__DISABLE_EXPORTS */
#ifdef sha256_mod_init_arch
@@ -424,12 +424,12 @@ static int __init sha256_mod_init(void)
sha256_mod_init_arch();
return 0;
}
-subsys_initcall(sha256_mod_init);
+crypto_subsys_initcall(sha256_mod_init);
static void __exit sha256_mod_exit(void)
{
}
-module_exit(sha256_mod_exit);
+crypto_module_exit(sha256_mod_exit);
#endif
MODULE_DESCRIPTION("SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256 library functions");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 027/104] crypto: fips140: convert lib/crypto/sha512.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (25 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c " Vegard Nossum
@ 2025-09-04 15:50 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 028/104] crypto: fips140: convert lib/crypto/utils.c " Vegard Nossum
` (77 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:50 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_LIB_SHA512 --source lib/crypto/sha512.c --header include/crypto/sha2.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 28 +++++++++++++++
include/crypto/sha2.h | 83 ++++++++++++++++++++++++++++---------------
lib/crypto/sha512.c | 76 +++++++++++++++++++--------------------
3 files changed, 120 insertions(+), 67 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 3b1677049c55..13148a3d3519 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -88,3 +88,31 @@ DEFINE_CRYPTO_API_STUB(hmac_sha256_usingrawkey);
#endif
+/*
+ * lib/crypto/sha512.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_LIB_SHA512)
+
+#include <crypto/sha2.h>
+
+DEFINE_CRYPTO_API_STUB(__sha512_update);
+DEFINE_CRYPTO_API_STUB(__hmac_sha512_init);
+DEFINE_CRYPTO_API_STUB(sha384_init);
+DEFINE_CRYPTO_API_STUB(sha384_final);
+DEFINE_CRYPTO_API_STUB(sha384);
+DEFINE_CRYPTO_API_STUB(hmac_sha384_preparekey);
+DEFINE_CRYPTO_API_STUB(hmac_sha384_init_usingrawkey);
+DEFINE_CRYPTO_API_STUB(hmac_sha384_final);
+DEFINE_CRYPTO_API_STUB(hmac_sha384);
+DEFINE_CRYPTO_API_STUB(hmac_sha384_usingrawkey);
+DEFINE_CRYPTO_API_STUB(sha512_init);
+DEFINE_CRYPTO_API_STUB(sha512_final);
+DEFINE_CRYPTO_API_STUB(sha512);
+DEFINE_CRYPTO_API_STUB(hmac_sha512_preparekey);
+DEFINE_CRYPTO_API_STUB(hmac_sha512_init_usingrawkey);
+DEFINE_CRYPTO_API_STUB(hmac_sha512_final);
+DEFINE_CRYPTO_API_STUB(hmac_sha512);
+DEFINE_CRYPTO_API_STUB(hmac_sha512_usingrawkey);
+
+#endif
+
diff --git a/include/crypto/sha2.h b/include/crypto/sha2.h
index 9fafcd99e9ce..ce908568009a 100644
--- a/include/crypto/sha2.h
+++ b/include/crypto/sha2.h
@@ -535,7 +535,9 @@ struct __sha512_ctx {
u64 bytecount_hi;
u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64));
};
-void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len);
+DECLARE_CRYPTO_API(__sha512_update, void,
+ (struct __sha512_ctx *ctx, const u8 *data, size_t len),
+ (ctx, data, len));
/*
* HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512.
@@ -550,8 +552,9 @@ struct __hmac_sha512_ctx {
struct __sha512_ctx sha_ctx;
struct sha512_block_state ostate;
};
-void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx,
- const struct __hmac_sha512_key *key);
+DECLARE_CRYPTO_API(__hmac_sha512_init, void,
+ (struct __hmac_sha512_ctx *ctx, const struct __hmac_sha512_key *key),
+ (ctx, key));
/**
* struct sha384_ctx - Context for hashing a message with SHA-384
@@ -569,7 +572,9 @@ struct sha384_ctx {
*
* Context: Any context.
*/
-void sha384_init(struct sha384_ctx *ctx);
+DECLARE_CRYPTO_API(sha384_init, void,
+ (struct sha384_ctx *ctx),
+ (ctx));
/**
* sha384_update() - Update a SHA-384 context with message data
@@ -596,7 +601,9 @@ static inline void sha384_update(struct sha384_ctx *ctx,
*
* Context: Any context.
*/
-void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha384_final, void,
+ (struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]),
+ (ctx, out));
/**
* sha384() - Compute SHA-384 message digest in one shot
@@ -606,7 +613,9 @@ void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha384, void,
+ (const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]),
+ (data, len, out));
/**
* struct hmac_sha384_key - Prepared key for HMAC-SHA384
@@ -635,8 +644,9 @@ struct hmac_sha384_ctx {
*
* Context: Any context.
*/
-void hmac_sha384_preparekey(struct hmac_sha384_key *key,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha384_preparekey, void,
+ (struct hmac_sha384_key *key, const u8 *raw_key, size_t raw_key_len),
+ (key, raw_key, raw_key_len));
/**
* hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message
@@ -665,8 +675,9 @@ static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha384_init_usingrawkey, void,
+ (struct hmac_sha384_ctx *ctx, const u8 *raw_key, size_t raw_key_len),
+ (ctx, raw_key, raw_key_len));
/**
* hmac_sha384_update() - Update an HMAC-SHA384 context with message data
@@ -693,7 +704,9 @@ static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha384_final, void,
+ (struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]),
+ (ctx, out));
/**
* hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key
@@ -706,8 +719,9 @@ void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void hmac_sha384(const struct hmac_sha384_key *key,
- const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha384, void,
+ (const struct hmac_sha384_key *key, const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]),
+ (key, data, data_len, out));
/**
* hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key
@@ -722,9 +736,9 @@ void hmac_sha384(const struct hmac_sha384_key *key,
*
* Context: Any context.
*/
-void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len,
- const u8 *data, size_t data_len,
- u8 out[SHA384_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha384_usingrawkey, void,
+ (const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]),
+ (raw_key, raw_key_len, data, data_len, out));
/**
* struct sha512_ctx - Context for hashing a message with SHA-512
@@ -742,7 +756,9 @@ struct sha512_ctx {
*
* Context: Any context.
*/
-void sha512_init(struct sha512_ctx *ctx);
+DECLARE_CRYPTO_API(sha512_init, void,
+ (struct sha512_ctx *ctx),
+ (ctx));
/**
* sha512_update() - Update a SHA-512 context with message data
@@ -769,7 +785,9 @@ static inline void sha512_update(struct sha512_ctx *ctx,
*
* Context: Any context.
*/
-void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha512_final, void,
+ (struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]),
+ (ctx, out));
/**
* sha512() - Compute SHA-512 message digest in one shot
@@ -779,7 +797,9 @@ void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(sha512, void,
+ (const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]),
+ (data, len, out));
/**
* struct hmac_sha512_key - Prepared key for HMAC-SHA512
@@ -808,8 +828,9 @@ struct hmac_sha512_ctx {
*
* Context: Any context.
*/
-void hmac_sha512_preparekey(struct hmac_sha512_key *key,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha512_preparekey, void,
+ (struct hmac_sha512_key *key, const u8 *raw_key, size_t raw_key_len),
+ (key, raw_key, raw_key_len));
/**
* hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message
@@ -838,8 +859,9 @@ static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx,
- const u8 *raw_key, size_t raw_key_len);
+DECLARE_CRYPTO_API(hmac_sha512_init_usingrawkey, void,
+ (struct hmac_sha512_ctx *ctx, const u8 *raw_key, size_t raw_key_len),
+ (ctx, raw_key, raw_key_len));
/**
* hmac_sha512_update() - Update an HMAC-SHA512 context with message data
@@ -866,7 +888,9 @@ static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx,
*
* Context: Any context.
*/
-void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha512_final, void,
+ (struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]),
+ (ctx, out));
/**
* hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key
@@ -879,8 +903,9 @@ void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
*
* Context: Any context.
*/
-void hmac_sha512(const struct hmac_sha512_key *key,
- const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha512, void,
+ (const struct hmac_sha512_key *key, const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]),
+ (key, data, data_len, out));
/**
* hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key
@@ -895,8 +920,8 @@ void hmac_sha512(const struct hmac_sha512_key *key,
*
* Context: Any context.
*/
-void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len,
- const u8 *data, size_t data_len,
- u8 out[SHA512_DIGEST_SIZE]);
+DECLARE_CRYPTO_API(hmac_sha512_usingrawkey, void,
+ (const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]),
+ (raw_key, raw_key_len, data, data_len, out));
#endif /* _CRYPTO_SHA2_H */
diff --git a/lib/crypto/sha512.c b/lib/crypto/sha512.c
index d8062188be98..9a170bf1a48c 100644
--- a/lib/crypto/sha512.c
+++ b/lib/crypto/sha512.c
@@ -147,19 +147,19 @@ static void __sha512_init(struct __sha512_ctx *ctx,
ctx->bytecount_hi = 0;
}
-void sha384_init(struct sha384_ctx *ctx)
+void CRYPTO_API(sha384_init)(struct sha384_ctx *ctx)
{
__sha512_init(&ctx->ctx, &sha384_iv, 0);
}
-EXPORT_SYMBOL_GPL(sha384_init);
+DEFINE_CRYPTO_API(sha384_init);
-void sha512_init(struct sha512_ctx *ctx)
+void CRYPTO_API(sha512_init)(struct sha512_ctx *ctx)
{
__sha512_init(&ctx->ctx, &sha512_iv, 0);
}
-EXPORT_SYMBOL_GPL(sha512_init);
+DEFINE_CRYPTO_API(sha512_init);
-void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len)
+void CRYPTO_API(__sha512_update)(struct __sha512_ctx *ctx, const u8 *data, size_t len)
{
size_t partial = ctx->bytecount_lo % SHA512_BLOCK_SIZE;
@@ -191,7 +191,7 @@ void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len)
if (len)
memcpy(&ctx->buf[partial], data, len);
}
-EXPORT_SYMBOL_GPL(__sha512_update);
+DEFINE_CRYPTO_API(__sha512_update);
static void __sha512_final(struct __sha512_ctx *ctx,
u8 *out, size_t digest_size)
@@ -215,21 +215,21 @@ static void __sha512_final(struct __sha512_ctx *ctx,
put_unaligned_be64(ctx->state.h[i / 8], out + i);
}
-void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE])
+void CRYPTO_API(sha384_final)(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE])
{
__sha512_final(&ctx->ctx, out, SHA384_DIGEST_SIZE);
memzero_explicit(ctx, sizeof(*ctx));
}
-EXPORT_SYMBOL_GPL(sha384_final);
+DEFINE_CRYPTO_API(sha384_final);
-void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE])
+void CRYPTO_API(sha512_final)(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE])
{
__sha512_final(&ctx->ctx, out, SHA512_DIGEST_SIZE);
memzero_explicit(ctx, sizeof(*ctx));
}
-EXPORT_SYMBOL_GPL(sha512_final);
+DEFINE_CRYPTO_API(sha512_final);
-void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE])
+void CRYPTO_API(sha384)(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE])
{
struct sha384_ctx ctx;
@@ -237,9 +237,9 @@ void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE])
sha384_update(&ctx, data, len);
sha384_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(sha384);
+DEFINE_CRYPTO_API(sha384);
-void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE])
+void CRYPTO_API(sha512)(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE])
{
struct sha512_ctx ctx;
@@ -247,7 +247,7 @@ void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE])
sha512_update(&ctx, data, len);
sha512_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(sha512);
+DEFINE_CRYPTO_API(sha512);
static void __hmac_sha512_preparekey(struct sha512_block_state *istate,
struct sha512_block_state *ostate,
@@ -282,31 +282,31 @@ static void __hmac_sha512_preparekey(struct sha512_block_state *istate,
memzero_explicit(&derived_key, sizeof(derived_key));
}
-void hmac_sha384_preparekey(struct hmac_sha384_key *key,
+void CRYPTO_API(hmac_sha384_preparekey)(struct hmac_sha384_key *key,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha512_preparekey(&key->key.istate, &key->key.ostate,
raw_key, raw_key_len, &sha384_iv);
}
-EXPORT_SYMBOL_GPL(hmac_sha384_preparekey);
+DEFINE_CRYPTO_API(hmac_sha384_preparekey);
-void hmac_sha512_preparekey(struct hmac_sha512_key *key,
+void CRYPTO_API(hmac_sha512_preparekey)(struct hmac_sha512_key *key,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha512_preparekey(&key->key.istate, &key->key.ostate,
raw_key, raw_key_len, &sha512_iv);
}
-EXPORT_SYMBOL_GPL(hmac_sha512_preparekey);
+DEFINE_CRYPTO_API(hmac_sha512_preparekey);
-void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx,
+void CRYPTO_API(__hmac_sha512_init)(struct __hmac_sha512_ctx *ctx,
const struct __hmac_sha512_key *key)
{
__sha512_init(&ctx->sha_ctx, &key->istate, SHA512_BLOCK_SIZE);
ctx->ostate = key->ostate;
}
-EXPORT_SYMBOL_GPL(__hmac_sha512_init);
+DEFINE_CRYPTO_API(__hmac_sha512_init);
-void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx,
+void CRYPTO_API(hmac_sha384_init_usingrawkey)(struct hmac_sha384_ctx *ctx,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha512_preparekey(&ctx->ctx.sha_ctx.state, &ctx->ctx.ostate,
@@ -314,9 +314,9 @@ void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx,
ctx->ctx.sha_ctx.bytecount_lo = SHA512_BLOCK_SIZE;
ctx->ctx.sha_ctx.bytecount_hi = 0;
}
-EXPORT_SYMBOL_GPL(hmac_sha384_init_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha384_init_usingrawkey);
-void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx,
+void CRYPTO_API(hmac_sha512_init_usingrawkey)(struct hmac_sha512_ctx *ctx,
const u8 *raw_key, size_t raw_key_len)
{
__hmac_sha512_preparekey(&ctx->ctx.sha_ctx.state, &ctx->ctx.ostate,
@@ -324,7 +324,7 @@ void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx,
ctx->ctx.sha_ctx.bytecount_lo = SHA512_BLOCK_SIZE;
ctx->ctx.sha_ctx.bytecount_hi = 0;
}
-EXPORT_SYMBOL_GPL(hmac_sha512_init_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha512_init_usingrawkey);
static void __hmac_sha512_final(struct __hmac_sha512_ctx *ctx,
u8 *out, size_t digest_size)
@@ -345,21 +345,21 @@ static void __hmac_sha512_final(struct __hmac_sha512_ctx *ctx,
memzero_explicit(ctx, sizeof(*ctx));
}
-void hmac_sha384_final(struct hmac_sha384_ctx *ctx,
+void CRYPTO_API(hmac_sha384_final)(struct hmac_sha384_ctx *ctx,
u8 out[SHA384_DIGEST_SIZE])
{
__hmac_sha512_final(&ctx->ctx, out, SHA384_DIGEST_SIZE);
}
-EXPORT_SYMBOL_GPL(hmac_sha384_final);
+DEFINE_CRYPTO_API(hmac_sha384_final);
-void hmac_sha512_final(struct hmac_sha512_ctx *ctx,
+void CRYPTO_API(hmac_sha512_final)(struct hmac_sha512_ctx *ctx,
u8 out[SHA512_DIGEST_SIZE])
{
__hmac_sha512_final(&ctx->ctx, out, SHA512_DIGEST_SIZE);
}
-EXPORT_SYMBOL_GPL(hmac_sha512_final);
+DEFINE_CRYPTO_API(hmac_sha512_final);
-void hmac_sha384(const struct hmac_sha384_key *key,
+void CRYPTO_API(hmac_sha384)(const struct hmac_sha384_key *key,
const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE])
{
struct hmac_sha384_ctx ctx;
@@ -368,9 +368,9 @@ void hmac_sha384(const struct hmac_sha384_key *key,
hmac_sha384_update(&ctx, data, data_len);
hmac_sha384_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha384);
+DEFINE_CRYPTO_API(hmac_sha384);
-void hmac_sha512(const struct hmac_sha512_key *key,
+void CRYPTO_API(hmac_sha512)(const struct hmac_sha512_key *key,
const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE])
{
struct hmac_sha512_ctx ctx;
@@ -379,9 +379,9 @@ void hmac_sha512(const struct hmac_sha512_key *key,
hmac_sha512_update(&ctx, data, data_len);
hmac_sha512_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha512);
+DEFINE_CRYPTO_API(hmac_sha512);
-void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len,
+void CRYPTO_API(hmac_sha384_usingrawkey)(const u8 *raw_key, size_t raw_key_len,
const u8 *data, size_t data_len,
u8 out[SHA384_DIGEST_SIZE])
{
@@ -391,9 +391,9 @@ void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len,
hmac_sha384_update(&ctx, data, data_len);
hmac_sha384_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha384_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha384_usingrawkey);
-void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len,
+void CRYPTO_API(hmac_sha512_usingrawkey)(const u8 *raw_key, size_t raw_key_len,
const u8 *data, size_t data_len,
u8 out[SHA512_DIGEST_SIZE])
{
@@ -403,7 +403,7 @@ void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len,
hmac_sha512_update(&ctx, data, data_len);
hmac_sha512_final(&ctx, out);
}
-EXPORT_SYMBOL_GPL(hmac_sha512_usingrawkey);
+DEFINE_CRYPTO_API(hmac_sha512_usingrawkey);
#ifdef sha512_mod_init_arch
static int __init sha512_mod_init(void)
@@ -411,12 +411,12 @@ static int __init sha512_mod_init(void)
sha512_mod_init_arch();
return 0;
}
-subsys_initcall(sha512_mod_init);
+crypto_subsys_initcall(sha512_mod_init);
static void __exit sha512_mod_exit(void)
{
}
-module_exit(sha512_mod_exit);
+crypto_module_exit(sha512_mod_exit);
#endif
MODULE_DESCRIPTION("SHA-384, SHA-512, HMAC-SHA384, and HMAC-SHA512 library functions");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 028/104] crypto: fips140: convert lib/crypto/utils.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (26 preceding siblings ...)
2025-09-04 15:50 ` [PATCH RFC 027/104] crypto: fips140: convert lib/crypto/sha512.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 029/104] crypto: fips140: convert crypto/aead.c " Vegard Nossum
` (76 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_LIB_UTILS --source lib/crypto/utils.c --header include/crypto/utils.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 11 +++++++++++
include/crypto/utils.h | 4 +++-
lib/crypto/utils.c | 4 ++--
3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 13148a3d3519..6caef4827a53 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -116,3 +116,14 @@ DEFINE_CRYPTO_API_STUB(hmac_sha512_usingrawkey);
#endif
+/*
+ * lib/crypto/utils.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_LIB_UTILS)
+
+#include <crypto/utils.h>
+
+DEFINE_CRYPTO_API_STUB(__crypto_xor);
+
+#endif
+
diff --git a/include/crypto/utils.h b/include/crypto/utils.h
index d7c3dae79138..996435707260 100644
--- a/include/crypto/utils.h
+++ b/include/crypto/utils.h
@@ -12,7 +12,9 @@
#include <linux/compiler_attributes.h>
#include <linux/types.h>
-void __crypto_xor(u8 *dst, const u8 *src1, const u8 *src2, unsigned int size);
+DECLARE_CRYPTO_API(__crypto_xor, void,
+ (u8 *dst, const u8 *src1, const u8 *src2, unsigned int size),
+ (dst, src1, src2, size));
static inline void crypto_xor(u8 *dst, const u8 *src, unsigned int size)
{
diff --git a/lib/crypto/utils.c b/lib/crypto/utils.c
index dec381d5e906..276519171e1c 100644
--- a/lib/crypto/utils.c
+++ b/lib/crypto/utils.c
@@ -15,7 +15,7 @@
* (which may alias one of the sources). Don't call this directly; call
* crypto_xor() or crypto_xor_cpy() instead.
*/
-void __crypto_xor(u8 *dst, const u8 *src1, const u8 *src2, unsigned int len)
+void CRYPTO_API(__crypto_xor)(u8 *dst, const u8 *src1, const u8 *src2, unsigned int len)
{
int relalign = 0;
@@ -84,7 +84,7 @@ void __crypto_xor(u8 *dst, const u8 *src1, const u8 *src2, unsigned int len)
while (len--)
*dst++ = *src1++ ^ *src2++;
}
-EXPORT_SYMBOL_GPL(__crypto_xor);
+DEFINE_CRYPTO_API(__crypto_xor);
MODULE_DESCRIPTION("Crypto library utility functions");
MODULE_LICENSE("GPL");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 029/104] crypto: fips140: convert crypto/aead.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (27 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 028/104] crypto: fips140: convert lib/crypto/utils.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 030/104] crypto: fips140: convert crypto/aes_generic.c " Vegard Nossum
` (75 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_AEAD2 --source crypto/aead.c --header include/crypto/aead.h include/crypto/internal/aead.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/aead.c | 48 +++++++++++++++++-----------------
crypto/fips140-api.c | 25 ++++++++++++++++++
include/crypto/aead.h | 26 +++++++++++++-----
include/crypto/internal/aead.h | 28 +++++++++++++-------
4 files changed, 87 insertions(+), 40 deletions(-)
diff --git a/crypto/aead.c b/crypto/aead.c
index 5d14b775036e..f6cc3a76120e 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -41,7 +41,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
return ret;
}
-int crypto_aead_setkey(struct crypto_aead *tfm,
+int CRYPTO_API(crypto_aead_setkey)(struct crypto_aead *tfm,
const u8 *key, unsigned int keylen)
{
unsigned long alignmask = crypto_aead_alignmask(tfm);
@@ -60,9 +60,9 @@ int crypto_aead_setkey(struct crypto_aead *tfm,
crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_aead_setkey);
+DEFINE_CRYPTO_API(crypto_aead_setkey);
-int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
+int CRYPTO_API(crypto_aead_setauthsize)(struct crypto_aead *tfm, unsigned int authsize)
{
int err;
@@ -79,9 +79,9 @@ int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
tfm->authsize = authsize;
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
+DEFINE_CRYPTO_API(crypto_aead_setauthsize);
-int crypto_aead_encrypt(struct aead_request *req)
+int CRYPTO_API(crypto_aead_encrypt)(struct aead_request *req)
{
struct crypto_aead *aead = crypto_aead_reqtfm(req);
@@ -90,9 +90,9 @@ int crypto_aead_encrypt(struct aead_request *req)
return crypto_aead_alg(aead)->encrypt(req);
}
-EXPORT_SYMBOL_GPL(crypto_aead_encrypt);
+DEFINE_CRYPTO_API(crypto_aead_encrypt);
-int crypto_aead_decrypt(struct aead_request *req)
+int CRYPTO_API(crypto_aead_decrypt)(struct aead_request *req)
{
struct crypto_aead *aead = crypto_aead_reqtfm(req);
@@ -104,7 +104,7 @@ int crypto_aead_decrypt(struct aead_request *req)
return crypto_aead_alg(aead)->decrypt(req);
}
-EXPORT_SYMBOL_GPL(crypto_aead_decrypt);
+DEFINE_CRYPTO_API(crypto_aead_decrypt);
static void crypto_aead_exit_tfm(struct crypto_tfm *tfm)
{
@@ -189,26 +189,26 @@ static const struct crypto_type crypto_aead_type = {
.algsize = offsetof(struct aead_alg, base),
};
-int crypto_grab_aead(struct crypto_aead_spawn *spawn,
+int CRYPTO_API(crypto_grab_aead)(struct crypto_aead_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_aead_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_aead);
+DEFINE_CRYPTO_API(crypto_grab_aead);
-struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask)
+struct crypto_aead *CRYPTO_API(crypto_alloc_aead)(const char *alg_name, u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_aead);
+DEFINE_CRYPTO_API(crypto_alloc_aead);
-int crypto_has_aead(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_aead)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_aead_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_aead);
+DEFINE_CRYPTO_API(crypto_has_aead);
static int aead_prepare_alg(struct aead_alg *alg)
{
@@ -228,7 +228,7 @@ static int aead_prepare_alg(struct aead_alg *alg)
return 0;
}
-int crypto_register_aead(struct aead_alg *alg)
+int CRYPTO_API(crypto_register_aead)(struct aead_alg *alg)
{
struct crypto_alg *base = &alg->base;
int err;
@@ -239,15 +239,15 @@ int crypto_register_aead(struct aead_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_aead);
+DEFINE_CRYPTO_API(crypto_register_aead);
-void crypto_unregister_aead(struct aead_alg *alg)
+void CRYPTO_API(crypto_unregister_aead)(struct aead_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_aead);
+DEFINE_CRYPTO_API(crypto_unregister_aead);
-int crypto_register_aeads(struct aead_alg *algs, int count)
+int CRYPTO_API(crypto_register_aeads)(struct aead_alg *algs, int count)
{
int i, ret;
@@ -265,18 +265,18 @@ int crypto_register_aeads(struct aead_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_aeads);
+DEFINE_CRYPTO_API(crypto_register_aeads);
-void crypto_unregister_aeads(struct aead_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_aeads)(struct aead_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_aead(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_aeads);
+DEFINE_CRYPTO_API(crypto_unregister_aeads);
-int aead_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(aead_register_instance)(struct crypto_template *tmpl,
struct aead_instance *inst)
{
int err;
@@ -290,7 +290,7 @@ int aead_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, aead_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(aead_register_instance);
+DEFINE_CRYPTO_API(aead_register_instance);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 6caef4827a53..896b42fb4330 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -127,3 +127,28 @@ DEFINE_CRYPTO_API_STUB(__crypto_xor);
#endif
+/*
+ * crypto/aead.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_AEAD2)
+
+#include <crypto/aead.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_aead);
+DEFINE_CRYPTO_API_STUB(crypto_has_aead);
+DEFINE_CRYPTO_API_STUB(crypto_aead_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_aead_setauthsize);
+DEFINE_CRYPTO_API_STUB(crypto_aead_encrypt);
+DEFINE_CRYPTO_API_STUB(crypto_aead_decrypt);
+
+#include <crypto/internal/aead.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_grab_aead);
+DEFINE_CRYPTO_API_STUB(crypto_register_aead);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_aead);
+DEFINE_CRYPTO_API_STUB(crypto_register_aeads);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_aeads);
+DEFINE_CRYPTO_API_STUB(aead_register_instance);
+
+#endif
+
diff --git a/include/crypto/aead.h b/include/crypto/aead.h
index 0e8a41638678..714a110a64bf 100644
--- a/include/crypto/aead.h
+++ b/include/crypto/aead.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_AEAD_H
#define _CRYPTO_AEAD_H
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
@@ -178,7 +179,9 @@ static inline struct crypto_aead *__crypto_aead_cast(struct crypto_tfm *tfm)
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_aead, struct crypto_aead *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_aead_tfm(struct crypto_aead *tfm)
{
@@ -206,7 +209,9 @@ static inline void crypto_free_aead(struct crypto_aead *tfm)
* Return: true when the aead is known to the kernel crypto API; false
* otherwise
*/
-int crypto_has_aead(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_aead, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline const char *crypto_aead_driver_name(struct crypto_aead *tfm)
{
@@ -316,8 +321,9 @@ static inline void crypto_aead_clear_flags(struct crypto_aead *tfm, u32 flags)
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_aead_setkey(struct crypto_aead *tfm,
- const u8 *key, unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_aead_setkey, int,
+ (struct crypto_aead *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
/**
* crypto_aead_setauthsize() - set authentication data size
@@ -329,7 +335,9 @@ int crypto_aead_setkey(struct crypto_aead *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize);
+DECLARE_CRYPTO_API(crypto_aead_setauthsize, int,
+ (struct crypto_aead *tfm, unsigned int authsize),
+ (tfm, authsize));
static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req)
{
@@ -355,7 +363,9 @@ static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req)
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_aead_encrypt(struct aead_request *req);
+DECLARE_CRYPTO_API(crypto_aead_encrypt, int,
+ (struct aead_request *req),
+ (req));
/**
* crypto_aead_decrypt() - decrypt ciphertext
@@ -379,7 +389,9 @@ int crypto_aead_encrypt(struct aead_request *req);
* integrity of the ciphertext or the associated data was violated);
* < 0 if an error occurred.
*/
-int crypto_aead_decrypt(struct aead_request *req);
+DECLARE_CRYPTO_API(crypto_aead_decrypt, int,
+ (struct aead_request *req),
+ (req));
/**
* DOC: Asynchronous AEAD Request Handle
diff --git a/include/crypto/internal/aead.h b/include/crypto/internal/aead.h
index 28a95eb3182d..8abe35a07fd4 100644
--- a/include/crypto/internal/aead.h
+++ b/include/crypto/internal/aead.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_AEAD_H
#define _CRYPTO_INTERNAL_AEAD_H
+#include <crypto/api.h>
#include <crypto/aead.h>
#include <crypto/algapi.h>
#include <linux/stddef.h>
@@ -96,9 +97,9 @@ static inline struct aead_request *aead_request_cast(
return container_of(req, struct aead_request, base);
}
-int crypto_grab_aead(struct crypto_aead_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_aead, int,
+ (struct crypto_aead_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline void crypto_drop_aead(struct crypto_aead_spawn *spawn)
{
@@ -157,12 +158,21 @@ static inline unsigned int crypto_aead_chunksize(struct crypto_aead *tfm)
return crypto_aead_alg_chunksize(crypto_aead_alg(tfm));
}
-int crypto_register_aead(struct aead_alg *alg);
-void crypto_unregister_aead(struct aead_alg *alg);
-int crypto_register_aeads(struct aead_alg *algs, int count);
-void crypto_unregister_aeads(struct aead_alg *algs, int count);
-int aead_register_instance(struct crypto_template *tmpl,
- struct aead_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_aead, int,
+ (struct aead_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_aead, void,
+ (struct aead_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_aeads, int,
+ (struct aead_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_aeads, void,
+ (struct aead_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(aead_register_instance, int,
+ (struct crypto_template *tmpl, struct aead_instance *inst),
+ (tmpl, inst));
#endif /* _CRYPTO_INTERNAL_AEAD_H */
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 030/104] crypto: fips140: convert crypto/aes_generic.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (28 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 029/104] crypto: fips140: convert crypto/aead.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 031/104] crypto: fips140: convert crypto/ahash.c " Vegard Nossum
` (74 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_AES --source crypto/aes_generic.c --header include/crypto/aes.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/aes_generic.c | 8 ++++----
crypto/fips140-api.c | 11 +++++++++++
include/crypto/aes.h | 5 +++--
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index 85d2e78c8ef2..b3bf792f82f2 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -1133,14 +1133,14 @@ EXPORT_SYMBOL_GPL(crypto_it_tab);
*
* Return: 0 on success; -EINVAL on failure (only happens for bad key lengths)
*/
-int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+int CRYPTO_API(crypto_aes_set_key)(struct crypto_tfm *tfm, const u8 *in_key,
unsigned int key_len)
{
struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
return aes_expandkey(ctx, in_key, key_len);
}
-EXPORT_SYMBOL_GPL(crypto_aes_set_key);
+DEFINE_CRYPTO_API(crypto_aes_set_key);
/* encrypt a block of text */
@@ -1311,8 +1311,8 @@ static void __exit aes_fini(void)
crypto_unregister_alg(&aes_alg);
}
-module_init(aes_init);
-module_exit(aes_fini);
+crypto_module_init(aes_init);
+crypto_module_exit(aes_fini);
MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
MODULE_LICENSE("Dual BSD/GPL");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 896b42fb4330..88858a1f9915 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -152,3 +152,14 @@ DEFINE_CRYPTO_API_STUB(aead_register_instance);
#endif
+/*
+ * crypto/aes_generic.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_AES)
+
+#include <crypto/aes.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_aes_set_key);
+
+#endif
+
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index a72621f552d8..6a732ea5ee1b 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -49,8 +49,9 @@ static inline int aes_check_keylen(unsigned int keylen)
return 0;
}
-int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
- unsigned int key_len);
+DECLARE_CRYPTO_API(crypto_aes_set_key, int,
+ (struct crypto_tfm *tfm, const u8 *in_key, unsigned int key_len),
+ (tfm, in_key, key_len));
/**
* aes_expandkey - Expands the AES key as described in FIPS-197
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 031/104] crypto: fips140: convert crypto/ahash.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (29 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 030/104] crypto: fips140: convert crypto/aes_generic.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 032/104] crypto: fips140: convert crypto/akcipher.c " Vegard Nossum
` (73 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_HASH2 --source crypto/ahash.c --header include/crypto/internal/hash.h include/crypto/hash.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ahash.c | 108 ++++++++++++++++-----------------
crypto/fips140-api.c | 40 ++++++++++++
include/crypto/hash.h | 52 +++++++++++-----
include/crypto/internal/hash.h | 65 ++++++++++++++------
4 files changed, 177 insertions(+), 88 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index a227793d2c5b..f344a43a3f89 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -99,7 +99,7 @@ static int hash_walk_new_entry(struct crypto_hash_walk *walk)
return hash_walk_next(walk);
}
-int crypto_hash_walk_first(struct ahash_request *req,
+int CRYPTO_API(crypto_hash_walk_first)(struct ahash_request *req,
struct crypto_hash_walk *walk)
{
walk->total = req->nbytes;
@@ -120,9 +120,9 @@ int crypto_hash_walk_first(struct ahash_request *req,
return hash_walk_new_entry(walk);
}
-EXPORT_SYMBOL_GPL(crypto_hash_walk_first);
+DEFINE_CRYPTO_API(crypto_hash_walk_first);
-int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
+int CRYPTO_API(crypto_hash_walk_done)(struct crypto_hash_walk *walk, int err)
{
if ((walk->flags & CRYPTO_AHASH_REQ_VIRT))
return err;
@@ -148,7 +148,7 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
return hash_walk_new_entry(walk);
}
-EXPORT_SYMBOL_GPL(crypto_hash_walk_done);
+DEFINE_CRYPTO_API(crypto_hash_walk_done);
/*
* For an ahash tfm that is using an shash algorithm (instead of an ahash
@@ -168,7 +168,7 @@ static inline struct shash_desc *prepare_shash_desc(struct ahash_request *req,
return desc;
}
-int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc)
+int CRYPTO_API(shash_ahash_update)(struct ahash_request *req, struct shash_desc *desc)
{
struct crypto_hash_walk walk;
int nbytes;
@@ -179,9 +179,9 @@ int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc)
return nbytes;
}
-EXPORT_SYMBOL_GPL(shash_ahash_update);
+DEFINE_CRYPTO_API(shash_ahash_update);
-int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc)
+int CRYPTO_API(shash_ahash_finup)(struct ahash_request *req, struct shash_desc *desc)
{
struct crypto_hash_walk walk;
int nbytes;
@@ -200,9 +200,9 @@ int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc)
return nbytes;
}
-EXPORT_SYMBOL_GPL(shash_ahash_finup);
+DEFINE_CRYPTO_API(shash_ahash_finup);
-int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
+int CRYPTO_API(shash_ahash_digest)(struct ahash_request *req, struct shash_desc *desc)
{
unsigned int nbytes = req->nbytes;
struct scatterlist *sg;
@@ -239,7 +239,7 @@ int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
kunmap_local(data);
return err;
}
-EXPORT_SYMBOL_GPL(shash_ahash_digest);
+DEFINE_CRYPTO_API(shash_ahash_digest);
static void crypto_exit_ahash_using_shash(struct crypto_tfm *tfm)
{
@@ -287,7 +287,7 @@ static void ahash_set_needkey(struct crypto_ahash *tfm, struct ahash_alg *alg)
crypto_ahash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
}
-int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
+int CRYPTO_API(crypto_ahash_setkey)(struct crypto_ahash *tfm, const u8 *key,
unsigned int keylen)
{
if (likely(tfm->using_shash)) {
@@ -317,7 +317,7 @@ int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
+DEFINE_CRYPTO_API(crypto_ahash_setkey);
static int ahash_do_req_chain(struct ahash_request *req,
int (*const *op)(struct ahash_request *req))
@@ -368,7 +368,7 @@ static int ahash_do_req_chain(struct ahash_request *req,
}
}
-int crypto_ahash_init(struct ahash_request *req)
+int CRYPTO_API(crypto_ahash_init)(struct ahash_request *req)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
@@ -386,7 +386,7 @@ int crypto_ahash_init(struct ahash_request *req)
}
return crypto_ahash_alg(tfm)->init(req);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_init);
+DEFINE_CRYPTO_API(crypto_ahash_init);
static void ahash_save_req(struct ahash_request *req, crypto_completion_t cplt)
{
@@ -440,7 +440,7 @@ static void ahash_update_done(void *data, int err)
ahash_op_done(data, err, ahash_update_finish);
}
-int crypto_ahash_update(struct ahash_request *req)
+int CRYPTO_API(crypto_ahash_update)(struct ahash_request *req)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
bool nonzero = crypto_ahash_final_nonzero(tfm);
@@ -489,7 +489,7 @@ int crypto_ahash_update(struct ahash_request *req)
return ahash_update_finish(req, err);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_update);
+DEFINE_CRYPTO_API(crypto_ahash_update);
static int ahash_finup_finish(struct ahash_request *req, int err)
{
@@ -521,7 +521,7 @@ static void ahash_finup_done(void *data, int err)
ahash_op_done(data, err, ahash_finup_finish);
}
-int crypto_ahash_finup(struct ahash_request *req)
+int CRYPTO_API(crypto_ahash_finup)(struct ahash_request *req)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
int bs = crypto_ahash_blocksize(tfm);
@@ -561,9 +561,9 @@ int crypto_ahash_finup(struct ahash_request *req)
return ahash_finup_finish(req, err);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_finup);
+DEFINE_CRYPTO_API(crypto_ahash_finup);
-int crypto_ahash_digest(struct ahash_request *req)
+int CRYPTO_API(crypto_ahash_digest)(struct ahash_request *req)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
@@ -575,7 +575,7 @@ int crypto_ahash_digest(struct ahash_request *req)
return -ENOKEY;
return ahash_do_req_chain(req, &crypto_ahash_alg(tfm)->digest);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_digest);
+DEFINE_CRYPTO_API(crypto_ahash_digest);
static void ahash_def_finup_done2(void *data, int err)
{
@@ -624,7 +624,7 @@ static int ahash_def_finup(struct ahash_request *req)
return ahash_def_finup_finish1(req, err);
}
-int crypto_ahash_export_core(struct ahash_request *req, void *out)
+int CRYPTO_API(crypto_ahash_export_core)(struct ahash_request *req, void *out)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
@@ -632,9 +632,9 @@ int crypto_ahash_export_core(struct ahash_request *req, void *out)
return crypto_shash_export_core(ahash_request_ctx(req), out);
return crypto_ahash_alg(tfm)->export_core(req, out);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_export_core);
+DEFINE_CRYPTO_API(crypto_ahash_export_core);
-int crypto_ahash_export(struct ahash_request *req, void *out)
+int CRYPTO_API(crypto_ahash_export)(struct ahash_request *req, void *out)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
@@ -650,9 +650,9 @@ int crypto_ahash_export(struct ahash_request *req, void *out)
}
return crypto_ahash_alg(tfm)->export(req, out);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_export);
+DEFINE_CRYPTO_API(crypto_ahash_export);
-int crypto_ahash_import_core(struct ahash_request *req, const void *in)
+int CRYPTO_API(crypto_ahash_import_core)(struct ahash_request *req, const void *in)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
@@ -663,9 +663,9 @@ int crypto_ahash_import_core(struct ahash_request *req, const void *in)
return -ENOKEY;
return crypto_ahash_alg(tfm)->import_core(req, in);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_import_core);
+DEFINE_CRYPTO_API(crypto_ahash_import_core);
-int crypto_ahash_import(struct ahash_request *req, const void *in)
+int CRYPTO_API(crypto_ahash_import)(struct ahash_request *req, const void *in)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
@@ -681,7 +681,7 @@ int crypto_ahash_import(struct ahash_request *req, const void *in)
}
return crypto_ahash_alg(tfm)->import(req, in);
}
-EXPORT_SYMBOL_GPL(crypto_ahash_import);
+DEFINE_CRYPTO_API(crypto_ahash_import);
static void crypto_ahash_exit_tfm(struct crypto_tfm *tfm)
{
@@ -816,29 +816,29 @@ static const struct crypto_type crypto_ahash_type = {
.algsize = offsetof(struct ahash_alg, halg.base),
};
-int crypto_grab_ahash(struct crypto_ahash_spawn *spawn,
+int CRYPTO_API(crypto_grab_ahash)(struct crypto_ahash_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_ahash_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_ahash);
+DEFINE_CRYPTO_API(crypto_grab_ahash);
-struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
+struct crypto_ahash *CRYPTO_API(crypto_alloc_ahash)(const char *alg_name, u32 type,
u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_ahash_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_ahash);
+DEFINE_CRYPTO_API(crypto_alloc_ahash);
-int crypto_has_ahash(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_ahash)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_ahash_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_ahash);
+DEFINE_CRYPTO_API(crypto_has_ahash);
-bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg)
+bool CRYPTO_API(crypto_hash_alg_has_setkey)(struct hash_alg_common *halg)
{
struct crypto_alg *alg = &halg->base;
@@ -847,9 +847,9 @@ bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg)
return __crypto_ahash_alg(alg)->setkey != ahash_nosetkey;
}
-EXPORT_SYMBOL_GPL(crypto_hash_alg_has_setkey);
+DEFINE_CRYPTO_API(crypto_hash_alg_has_setkey);
-struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *hash)
+struct crypto_ahash *CRYPTO_API(crypto_clone_ahash)(struct crypto_ahash *hash)
{
struct hash_alg_common *halg = crypto_hash_alg_common(hash);
struct crypto_tfm *tfm = crypto_ahash_tfm(hash);
@@ -917,7 +917,7 @@ struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *hash)
crypto_free_ahash(nhash);
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(crypto_clone_ahash);
+DEFINE_CRYPTO_API(crypto_clone_ahash);
static int ahash_default_export_core(struct ahash_request *req, void *out)
{
@@ -981,7 +981,7 @@ static int ahash_prepare_alg(struct ahash_alg *alg)
return 0;
}
-int crypto_register_ahash(struct ahash_alg *alg)
+int CRYPTO_API(crypto_register_ahash)(struct ahash_alg *alg)
{
struct crypto_alg *base = &alg->halg.base;
int err;
@@ -992,15 +992,15 @@ int crypto_register_ahash(struct ahash_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_ahash);
+DEFINE_CRYPTO_API(crypto_register_ahash);
-void crypto_unregister_ahash(struct ahash_alg *alg)
+void CRYPTO_API(crypto_unregister_ahash)(struct ahash_alg *alg)
{
crypto_unregister_alg(&alg->halg.base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_ahash);
+DEFINE_CRYPTO_API(crypto_unregister_ahash);
-int crypto_register_ahashes(struct ahash_alg *algs, int count)
+int CRYPTO_API(crypto_register_ahashes)(struct ahash_alg *algs, int count)
{
int i, ret;
@@ -1018,18 +1018,18 @@ int crypto_register_ahashes(struct ahash_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_ahashes);
+DEFINE_CRYPTO_API(crypto_register_ahashes);
-void crypto_unregister_ahashes(struct ahash_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_ahashes)(struct ahash_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_ahash(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_ahashes);
+DEFINE_CRYPTO_API(crypto_unregister_ahashes);
-int ahash_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(ahash_register_instance)(struct crypto_template *tmpl,
struct ahash_instance *inst)
{
int err;
@@ -1043,9 +1043,9 @@ int ahash_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, ahash_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(ahash_register_instance);
+DEFINE_CRYPTO_API(ahash_register_instance);
-void ahash_request_free(struct ahash_request *req)
+void CRYPTO_API(ahash_request_free)(struct ahash_request *req)
{
if (unlikely(!req))
return;
@@ -1057,9 +1057,9 @@ void ahash_request_free(struct ahash_request *req)
ahash_request_zero(req);
}
-EXPORT_SYMBOL_GPL(ahash_request_free);
+DEFINE_CRYPTO_API(ahash_request_free);
-int crypto_hash_digest(struct crypto_ahash *tfm, const u8 *data,
+int CRYPTO_API(crypto_hash_digest)(struct crypto_ahash *tfm, const u8 *data,
unsigned int len, u8 *out)
{
HASH_REQUEST_ON_STACK(req, crypto_ahash_fb(tfm));
@@ -1073,14 +1073,14 @@ int crypto_hash_digest(struct crypto_ahash *tfm, const u8 *data,
return err;
}
-EXPORT_SYMBOL_GPL(crypto_hash_digest);
+DEFINE_CRYPTO_API(crypto_hash_digest);
-void ahash_free_singlespawn_instance(struct ahash_instance *inst)
+void CRYPTO_API(ahash_free_singlespawn_instance)(struct ahash_instance *inst)
{
crypto_drop_spawn(ahash_instance_ctx(inst));
kfree(inst);
}
-EXPORT_SYMBOL_GPL(ahash_free_singlespawn_instance);
+DEFINE_CRYPTO_API(ahash_free_singlespawn_instance);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Asynchronous cryptographic hash type");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 88858a1f9915..530195c057eb 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -163,3 +163,43 @@ DEFINE_CRYPTO_API_STUB(crypto_aes_set_key);
#endif
+/*
+ * crypto/ahash.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_HASH2)
+
+#include <crypto/internal/hash.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_hash_walk_done);
+DEFINE_CRYPTO_API_STUB(crypto_hash_walk_first);
+DEFINE_CRYPTO_API_STUB(crypto_register_ahash);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_ahash);
+DEFINE_CRYPTO_API_STUB(crypto_register_ahashes);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_ahashes);
+DEFINE_CRYPTO_API_STUB(ahash_register_instance);
+DEFINE_CRYPTO_API_STUB(ahash_free_singlespawn_instance);
+DEFINE_CRYPTO_API_STUB(crypto_hash_alg_has_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_grab_ahash);
+DEFINE_CRYPTO_API_STUB(shash_ahash_update);
+DEFINE_CRYPTO_API_STUB(shash_ahash_finup);
+DEFINE_CRYPTO_API_STUB(shash_ahash_digest);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_export_core);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_import_core);
+
+#include <crypto/hash.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_ahash);
+DEFINE_CRYPTO_API_STUB(crypto_clone_ahash);
+DEFINE_CRYPTO_API_STUB(crypto_has_ahash);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_finup);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_digest);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_export);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_import);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_init);
+DEFINE_CRYPTO_API_STUB(crypto_ahash_update);
+DEFINE_CRYPTO_API_STUB(ahash_request_free);
+DEFINE_CRYPTO_API_STUB(crypto_hash_digest);
+
+#endif
+
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index bbaeae705ef0..c9d6ee97360e 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_HASH_H
#define _CRYPTO_HASH_H
+#include <crypto/api.h>
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
@@ -307,10 +308,13 @@ static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm)
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
- u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_ahash, struct crypto_ahash *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *tfm);
+DECLARE_CRYPTO_API(crypto_clone_ahash, struct crypto_ahash *,
+ (struct crypto_ahash *tfm),
+ (tfm));
static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
{
@@ -338,7 +342,9 @@ static inline void crypto_free_ahash(struct crypto_ahash *tfm)
* Return: true when the ahash is known to the kernel crypto API; false
* otherwise
*/
-int crypto_has_ahash(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_ahash, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm)
{
@@ -464,8 +470,9 @@ static inline void *ahash_request_ctx(struct ahash_request *req)
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
- unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_ahash_setkey, int,
+ (struct crypto_ahash *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
/**
* crypto_ahash_finup() - update and finalize message digest
@@ -478,7 +485,9 @@ int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
*
* Return: see crypto_ahash_final()
*/
-int crypto_ahash_finup(struct ahash_request *req);
+DECLARE_CRYPTO_API(crypto_ahash_finup, int,
+ (struct ahash_request *req),
+ (req));
/**
* crypto_ahash_final() - calculate message digest
@@ -512,7 +521,9 @@ static inline int crypto_ahash_final(struct ahash_request *req)
*
* Return: see crypto_ahash_final()
*/
-int crypto_ahash_digest(struct ahash_request *req);
+DECLARE_CRYPTO_API(crypto_ahash_digest, int,
+ (struct ahash_request *req),
+ (req));
/**
* crypto_ahash_export() - extract current message digest state
@@ -525,7 +536,9 @@ int crypto_ahash_digest(struct ahash_request *req);
*
* Return: 0 if the export was successful; < 0 if an error occurred
*/
-int crypto_ahash_export(struct ahash_request *req, void *out);
+DECLARE_CRYPTO_API(crypto_ahash_export, int,
+ (struct ahash_request *req, void *out),
+ (req, out));
/**
* crypto_ahash_import() - import message digest state
@@ -538,7 +551,9 @@ int crypto_ahash_export(struct ahash_request *req, void *out);
*
* Return: 0 if the import was successful; < 0 if an error occurred
*/
-int crypto_ahash_import(struct ahash_request *req, const void *in);
+DECLARE_CRYPTO_API(crypto_ahash_import, int,
+ (struct ahash_request *req, const void *in),
+ (req, in));
/**
* crypto_ahash_init() - (re)initialize message digest handle
@@ -551,7 +566,9 @@ int crypto_ahash_import(struct ahash_request *req, const void *in);
*
* Return: see crypto_ahash_final()
*/
-int crypto_ahash_init(struct ahash_request *req);
+DECLARE_CRYPTO_API(crypto_ahash_init, int,
+ (struct ahash_request *req),
+ (req));
/**
* crypto_ahash_update() - add data to message digest for processing
@@ -564,7 +581,9 @@ int crypto_ahash_init(struct ahash_request *req);
*
* Return: see crypto_ahash_final()
*/
-int crypto_ahash_update(struct ahash_request *req);
+DECLARE_CRYPTO_API(crypto_ahash_update, int,
+ (struct ahash_request *req),
+ (req));
/**
* DOC: Asynchronous Hash Request Handle
@@ -622,7 +641,9 @@ static inline struct ahash_request *ahash_request_alloc_noprof(
* ahash_request_free() - zeroize and free the request data structure
* @req: request data structure cipher handle to be freed
*/
-void ahash_request_free(struct ahash_request *req);
+DECLARE_CRYPTO_API(ahash_request_free, void,
+ (struct ahash_request *req),
+ (req));
static inline void ahash_request_zero(struct ahash_request *req)
{
@@ -913,8 +934,9 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
unsigned int len, u8 *out);
-int crypto_hash_digest(struct crypto_ahash *tfm, const u8 *data,
- unsigned int len, u8 *out);
+DECLARE_CRYPTO_API(crypto_hash_digest, int,
+ (struct crypto_ahash *tfm, const u8 *data, unsigned int len, u8 *out),
+ (tfm, data, len, out));
/**
* crypto_shash_export() - extract operational state for message digest
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index e39456de57e4..c3f9ca511cf5 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_HASH_H
#define _CRYPTO_INTERNAL_HASH_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <crypto/hash.h>
@@ -75,26 +76,42 @@ struct crypto_shash_spawn {
struct crypto_spawn base;
};
-int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err);
-int crypto_hash_walk_first(struct ahash_request *req,
- struct crypto_hash_walk *walk);
+DECLARE_CRYPTO_API(crypto_hash_walk_done, int,
+ (struct crypto_hash_walk *walk, int err),
+ (walk, err));
+DECLARE_CRYPTO_API(crypto_hash_walk_first, int,
+ (struct ahash_request *req, struct crypto_hash_walk *walk),
+ (req, walk));
static inline int crypto_hash_walk_last(struct crypto_hash_walk *walk)
{
return !(walk->entrylen | walk->total);
}
-int crypto_register_ahash(struct ahash_alg *alg);
-void crypto_unregister_ahash(struct ahash_alg *alg);
-int crypto_register_ahashes(struct ahash_alg *algs, int count);
-void crypto_unregister_ahashes(struct ahash_alg *algs, int count);
-int ahash_register_instance(struct crypto_template *tmpl,
- struct ahash_instance *inst);
-void ahash_free_singlespawn_instance(struct ahash_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_ahash, int,
+ (struct ahash_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_ahash, void,
+ (struct ahash_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_ahashes, int,
+ (struct ahash_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_ahashes, void,
+ (struct ahash_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(ahash_register_instance, int,
+ (struct crypto_template *tmpl, struct ahash_instance *inst),
+ (tmpl, inst));
+DECLARE_CRYPTO_API(ahash_free_singlespawn_instance, void,
+ (struct ahash_instance *inst),
+ (inst));
bool crypto_shash_alg_has_setkey(struct shash_alg *alg);
-bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg);
+DECLARE_CRYPTO_API(crypto_hash_alg_has_setkey, bool,
+ (struct hash_alg_common *halg),
+ (halg));
static inline bool crypto_shash_alg_needs_key(struct shash_alg *alg)
{
@@ -114,9 +131,9 @@ static inline bool crypto_hash_no_export_core(struct crypto_ahash *tfm)
CRYPTO_AHASH_ALG_NO_EXPORT_CORE;
}
-int crypto_grab_ahash(struct crypto_ahash_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_ahash, int,
+ (struct crypto_ahash_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline void crypto_drop_ahash(struct crypto_ahash_spawn *spawn)
{
@@ -152,9 +169,15 @@ static inline struct shash_alg *crypto_spawn_shash_alg(
return __crypto_shash_alg(spawn->base.alg);
}
-int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc);
-int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc);
-int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc);
+DECLARE_CRYPTO_API(shash_ahash_update, int,
+ (struct ahash_request *req, struct shash_desc *desc),
+ (req, desc));
+DECLARE_CRYPTO_API(shash_ahash_finup, int,
+ (struct ahash_request *req, struct shash_desc *desc),
+ (req, desc));
+DECLARE_CRYPTO_API(shash_ahash_digest, int,
+ (struct ahash_request *req, struct shash_desc *desc),
+ (req, desc));
static inline void *crypto_ahash_ctx(struct crypto_ahash *tfm)
{
@@ -357,7 +380,9 @@ static inline unsigned int crypto_shash_coresize(struct crypto_shash *tfm)
* Context: Softirq or process context.
* Return: 0 if the export creation was successful; < 0 if an error occurred
*/
-int crypto_ahash_export_core(struct ahash_request *req, void *out);
+DECLARE_CRYPTO_API(crypto_ahash_export_core, int,
+ (struct ahash_request *req, void *out),
+ (req, out));
/**
* crypto_ahash_import_core() - import core state
@@ -369,7 +394,9 @@ int crypto_ahash_export_core(struct ahash_request *req, void *out);
* Context: Softirq or process context.
* Return: 0 if the import was successful; < 0 if an error occurred
*/
-int crypto_ahash_import_core(struct ahash_request *req, const void *in);
+DECLARE_CRYPTO_API(crypto_ahash_import_core, int,
+ (struct ahash_request *req, const void *in),
+ (req, in));
/**
* crypto_shash_export_core() - extract core state for message digest
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 032/104] crypto: fips140: convert crypto/akcipher.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (30 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 031/104] crypto: fips140: convert crypto/ahash.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 033/104] crypto: fips140: convert crypto/algapi.c " Vegard Nossum
` (72 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_AKCIPHER2 --source crypto/akcipher.c --header include/crypto/akcipher.h include/crypto/internal/akcipher.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/akcipher.c | 28 ++++++++++++++--------------
crypto/fips140-api.c | 20 ++++++++++++++++++++
include/crypto/akcipher.h | 18 ++++++++++--------
include/crypto/internal/akcipher.h | 21 ++++++++++++++-------
4 files changed, 58 insertions(+), 29 deletions(-)
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index a36f50c83827..1cfc6c7bfbae 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -100,21 +100,21 @@ static const struct crypto_type crypto_akcipher_type = {
.algsize = offsetof(struct akcipher_alg, base),
};
-int crypto_grab_akcipher(struct crypto_akcipher_spawn *spawn,
+int CRYPTO_API(crypto_grab_akcipher)(struct crypto_akcipher_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_akcipher_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_akcipher);
+DEFINE_CRYPTO_API(crypto_grab_akcipher);
-struct crypto_akcipher *crypto_alloc_akcipher(const char *alg_name, u32 type,
+struct crypto_akcipher *CRYPTO_API(crypto_alloc_akcipher)(const char *alg_name, u32 type,
u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_akcipher_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_akcipher);
+DEFINE_CRYPTO_API(crypto_alloc_akcipher);
static void akcipher_prepare_alg(struct akcipher_alg *alg)
{
@@ -136,7 +136,7 @@ static int akcipher_default_set_key(struct crypto_akcipher *tfm,
return -ENOSYS;
}
-int crypto_register_akcipher(struct akcipher_alg *alg)
+int CRYPTO_API(crypto_register_akcipher)(struct akcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
@@ -150,15 +150,15 @@ int crypto_register_akcipher(struct akcipher_alg *alg)
akcipher_prepare_alg(alg);
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_akcipher);
+DEFINE_CRYPTO_API(crypto_register_akcipher);
-void crypto_unregister_akcipher(struct akcipher_alg *alg)
+void CRYPTO_API(crypto_unregister_akcipher)(struct akcipher_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_akcipher);
+DEFINE_CRYPTO_API(crypto_unregister_akcipher);
-int akcipher_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(akcipher_register_instance)(struct crypto_template *tmpl,
struct akcipher_instance *inst)
{
if (WARN_ON(!inst->free))
@@ -166,7 +166,7 @@ int akcipher_register_instance(struct crypto_template *tmpl,
akcipher_prepare_alg(&inst->alg);
return crypto_register_instance(tmpl, akcipher_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(akcipher_register_instance);
+DEFINE_CRYPTO_API(akcipher_register_instance);
static int crypto_akcipher_sync_prep(struct crypto_akcipher_sync_data *data)
{
@@ -215,7 +215,7 @@ static int crypto_akcipher_sync_post(struct crypto_akcipher_sync_data *data,
return err;
}
-int crypto_akcipher_sync_encrypt(struct crypto_akcipher *tfm,
+int CRYPTO_API(crypto_akcipher_sync_encrypt)(struct crypto_akcipher *tfm,
const void *src, unsigned int slen,
void *dst, unsigned int dlen)
{
@@ -231,9 +231,9 @@ int crypto_akcipher_sync_encrypt(struct crypto_akcipher *tfm,
crypto_akcipher_sync_post(&data,
crypto_akcipher_encrypt(data.req));
}
-EXPORT_SYMBOL_GPL(crypto_akcipher_sync_encrypt);
+DEFINE_CRYPTO_API(crypto_akcipher_sync_encrypt);
-int crypto_akcipher_sync_decrypt(struct crypto_akcipher *tfm,
+int CRYPTO_API(crypto_akcipher_sync_decrypt)(struct crypto_akcipher *tfm,
const void *src, unsigned int slen,
void *dst, unsigned int dlen)
{
@@ -250,7 +250,7 @@ int crypto_akcipher_sync_decrypt(struct crypto_akcipher *tfm,
crypto_akcipher_decrypt(data.req)) ?:
data.dlen;
}
-EXPORT_SYMBOL_GPL(crypto_akcipher_sync_decrypt);
+DEFINE_CRYPTO_API(crypto_akcipher_sync_decrypt);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Generic public key cipher type");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 530195c057eb..3c3445523803 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -203,3 +203,23 @@ DEFINE_CRYPTO_API_STUB(crypto_hash_digest);
#endif
+/*
+ * crypto/akcipher.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_AKCIPHER2)
+
+#include <crypto/akcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_akcipher);
+DEFINE_CRYPTO_API_STUB(crypto_akcipher_sync_encrypt);
+DEFINE_CRYPTO_API_STUB(crypto_akcipher_sync_decrypt);
+
+#include <crypto/internal/akcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_grab_akcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_akcipher);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_akcipher);
+DEFINE_CRYPTO_API_STUB(akcipher_register_instance);
+
+#endif
+
diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index cdf7da74bf2f..d6ae05da0811 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_AKCIPHER_H
#define _CRYPTO_AKCIPHER_H
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/crypto.h>
@@ -116,8 +117,9 @@ struct akcipher_alg {
* Return: allocated handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_akcipher *crypto_alloc_akcipher(const char *alg_name, u32 type,
- u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_akcipher, struct crypto_akcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_akcipher_tfm(
struct crypto_akcipher *tfm)
@@ -310,9 +312,9 @@ static inline int crypto_akcipher_decrypt(struct akcipher_request *req)
*
* Return: zero on success; error code in case of error
*/
-int crypto_akcipher_sync_encrypt(struct crypto_akcipher *tfm,
- const void *src, unsigned int slen,
- void *dst, unsigned int dlen);
+DECLARE_CRYPTO_API(crypto_akcipher_sync_encrypt, int,
+ (struct crypto_akcipher *tfm, const void *src, unsigned int slen, void *dst, unsigned int dlen),
+ (tfm, src, slen, dst, dlen));
/**
* crypto_akcipher_sync_decrypt() - Invoke public key decrypt operation
@@ -328,9 +330,9 @@ int crypto_akcipher_sync_encrypt(struct crypto_akcipher *tfm,
*
* Return: Output length on success; error code in case of error
*/
-int crypto_akcipher_sync_decrypt(struct crypto_akcipher *tfm,
- const void *src, unsigned int slen,
- void *dst, unsigned int dlen);
+DECLARE_CRYPTO_API(crypto_akcipher_sync_decrypt, int,
+ (struct crypto_akcipher *tfm, const void *src, unsigned int slen, void *dst, unsigned int dlen),
+ (tfm, src, slen, dst, dlen));
/**
* crypto_akcipher_set_pub_key() - Invoke set public key operation
diff --git a/include/crypto/internal/akcipher.h b/include/crypto/internal/akcipher.h
index 14ee62bc52b6..5ea9c6cbce04 100644
--- a/include/crypto/internal/akcipher.h
+++ b/include/crypto/internal/akcipher.h
@@ -7,6 +7,8 @@
*/
#ifndef _CRYPTO_AKCIPHER_INT_H
#define _CRYPTO_AKCIPHER_INT_H
+
+#include <crypto/api.h>
#include <crypto/akcipher.h>
#include <crypto/algapi.h>
@@ -100,9 +102,9 @@ static inline void *akcipher_instance_ctx(struct akcipher_instance *inst)
return crypto_instance_ctx(akcipher_crypto_instance(inst));
}
-int crypto_grab_akcipher(struct crypto_akcipher_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_akcipher, int,
+ (struct crypto_akcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline struct crypto_akcipher *crypto_spawn_akcipher(
struct crypto_akcipher_spawn *spawn)
@@ -130,7 +132,9 @@ static inline struct akcipher_alg *crypto_spawn_akcipher_alg(
*
* Return: zero on success; error code in case of error
*/
-int crypto_register_akcipher(struct akcipher_alg *alg);
+DECLARE_CRYPTO_API(crypto_register_akcipher, int,
+ (struct akcipher_alg *alg),
+ (alg));
/**
* crypto_unregister_akcipher() -- Unregister public key algorithm
@@ -139,7 +143,9 @@ int crypto_register_akcipher(struct akcipher_alg *alg);
*
* @alg: algorithm definition
*/
-void crypto_unregister_akcipher(struct akcipher_alg *alg);
+DECLARE_CRYPTO_API(crypto_unregister_akcipher, void,
+ (struct akcipher_alg *alg),
+ (alg));
/**
* akcipher_register_instance() -- Unregister public key template instance
@@ -150,6 +156,7 @@ void crypto_unregister_akcipher(struct akcipher_alg *alg);
* @tmpl: the template from which the algorithm was created
* @inst: the template instance
*/
-int akcipher_register_instance(struct crypto_template *tmpl,
- struct akcipher_instance *inst);
+DECLARE_CRYPTO_API(akcipher_register_instance, int,
+ (struct crypto_template *tmpl, struct akcipher_instance *inst),
+ (tmpl, inst));
#endif
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 033/104] crypto: fips140: convert crypto/algapi.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (31 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 032/104] crypto: fips140: convert crypto/akcipher.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 034/104] crypto: fips140: convert crypto/algboss.c " Vegard Nossum
` (71 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ALGAPI2 --source crypto/algapi.c --header include/crypto/algapi.h crypto/internal.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algapi.c | 128 ++++++++++++++++++++--------------------
crypto/fips140-api.c | 44 ++++++++++++++
crypto/internal.h | 25 +++++---
include/crypto/algapi.h | 117 +++++++++++++++++++++++++-----------
4 files changed, 207 insertions(+), 107 deletions(-)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 8b4a1903557e..f24fca384a88 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -174,7 +174,7 @@ static void crypto_remove_instance(struct crypto_instance *inst,
* that is depended on by nalg. This is useful when nalg itself
* depends on alg.
*/
-void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
+void CRYPTO_API(crypto_remove_spawns)(struct crypto_alg *alg, struct list_head *list,
struct crypto_alg *nalg)
{
u32 new_type = (nalg ?: alg)->cra_flags;
@@ -252,7 +252,7 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
crypto_remove_instance(spawn->inst, list);
}
}
-EXPORT_SYMBOL_GPL(crypto_remove_spawns);
+DEFINE_CRYPTO_API(crypto_remove_spawns);
static void crypto_alg_finish_registration(struct crypto_alg *alg,
struct list_head *algs_to_put)
@@ -366,7 +366,7 @@ __crypto_register_alg(struct crypto_alg *alg, struct list_head *algs_to_put)
goto out;
}
-void crypto_alg_tested(struct crypto_alg *alg, int err)
+void CRYPTO_API(crypto_alg_tested)(struct crypto_alg *alg, int err)
{
struct crypto_larval *test;
struct crypto_alg *q;
@@ -412,9 +412,9 @@ void crypto_alg_tested(struct crypto_alg *alg, int err)
crypto_alg_put(&test->alg);
crypto_remove_final(&list);
}
-EXPORT_SYMBOL_GPL(crypto_alg_tested);
+DEFINE_CRYPTO_API(crypto_alg_tested);
-void crypto_remove_final(struct list_head *list)
+void CRYPTO_API(crypto_remove_final)(struct list_head *list)
{
struct crypto_alg *alg;
struct crypto_alg *n;
@@ -424,7 +424,7 @@ void crypto_remove_final(struct list_head *list)
crypto_alg_put(alg);
}
}
-EXPORT_SYMBOL_GPL(crypto_remove_final);
+DEFINE_CRYPTO_API(crypto_remove_final);
static void crypto_free_alg(struct crypto_alg *alg)
{
@@ -435,7 +435,7 @@ static void crypto_free_alg(struct crypto_alg *alg)
kfree(p);
}
-int crypto_register_alg(struct crypto_alg *alg)
+int CRYPTO_API(crypto_register_alg)(struct crypto_alg *alg)
{
struct crypto_larval *larval;
bool test_started = false;
@@ -490,7 +490,7 @@ int crypto_register_alg(struct crypto_alg *alg)
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_register_alg);
+DEFINE_CRYPTO_API(crypto_register_alg);
static int crypto_remove_alg(struct crypto_alg *alg, struct list_head *list)
{
@@ -505,7 +505,7 @@ static int crypto_remove_alg(struct crypto_alg *alg, struct list_head *list)
return 0;
}
-void crypto_unregister_alg(struct crypto_alg *alg)
+void CRYPTO_API(crypto_unregister_alg)(struct crypto_alg *alg)
{
int ret;
LIST_HEAD(list);
@@ -522,9 +522,9 @@ void crypto_unregister_alg(struct crypto_alg *alg)
list_add(&alg->cra_list, &list);
crypto_remove_final(&list);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_alg);
+DEFINE_CRYPTO_API(crypto_unregister_alg);
-int crypto_register_algs(struct crypto_alg *algs, int count)
+int CRYPTO_API(crypto_register_algs)(struct crypto_alg *algs, int count)
{
int i, ret;
@@ -542,18 +542,18 @@ int crypto_register_algs(struct crypto_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_algs);
+DEFINE_CRYPTO_API(crypto_register_algs);
-void crypto_unregister_algs(struct crypto_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_algs)(struct crypto_alg *algs, int count)
{
int i;
for (i = 0; i < count; i++)
crypto_unregister_alg(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_algs);
+DEFINE_CRYPTO_API(crypto_unregister_algs);
-int crypto_register_template(struct crypto_template *tmpl)
+int CRYPTO_API(crypto_register_template)(struct crypto_template *tmpl)
{
struct crypto_template *q;
int err = -EEXIST;
@@ -581,9 +581,9 @@ int crypto_register_template(struct crypto_template *tmpl)
up_write(&crypto_alg_sem);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_register_template);
+DEFINE_CRYPTO_API(crypto_register_template);
-int crypto_register_templates(struct crypto_template *tmpls, int count)
+int CRYPTO_API(crypto_register_templates)(struct crypto_template *tmpls, int count)
{
int i, err;
@@ -599,9 +599,9 @@ int crypto_register_templates(struct crypto_template *tmpls, int count)
crypto_unregister_template(&tmpls[i]);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_register_templates);
+DEFINE_CRYPTO_API(crypto_register_templates);
-void crypto_unregister_template(struct crypto_template *tmpl)
+void CRYPTO_API(crypto_unregister_template)(struct crypto_template *tmpl)
{
struct crypto_instance *inst;
struct hlist_node *n;
@@ -630,16 +630,16 @@ void crypto_unregister_template(struct crypto_template *tmpl)
flush_work(&tmpl->free_work);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_template);
+DEFINE_CRYPTO_API(crypto_unregister_template);
-void crypto_unregister_templates(struct crypto_template *tmpls, int count)
+void CRYPTO_API(crypto_unregister_templates)(struct crypto_template *tmpls, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_template(&tmpls[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_templates);
+DEFINE_CRYPTO_API(crypto_unregister_templates);
static struct crypto_template *__crypto_lookup_template(const char *name)
{
@@ -660,14 +660,14 @@ static struct crypto_template *__crypto_lookup_template(const char *name)
return tmpl;
}
-struct crypto_template *crypto_lookup_template(const char *name)
+struct crypto_template *CRYPTO_API(crypto_lookup_template)(const char *name)
{
return try_then_request_module(__crypto_lookup_template(name),
"crypto-%s", name);
}
-EXPORT_SYMBOL_GPL(crypto_lookup_template);
+DEFINE_CRYPTO_API(crypto_lookup_template);
-int crypto_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(crypto_register_instance)(struct crypto_template *tmpl,
struct crypto_instance *inst)
{
struct crypto_larval *larval;
@@ -748,9 +748,9 @@ int crypto_register_instance(struct crypto_template *tmpl,
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_register_instance);
+DEFINE_CRYPTO_API(crypto_register_instance);
-void crypto_unregister_instance(struct crypto_instance *inst)
+void CRYPTO_API(crypto_unregister_instance)(struct crypto_instance *inst)
{
LIST_HEAD(list);
@@ -763,9 +763,9 @@ void crypto_unregister_instance(struct crypto_instance *inst)
crypto_remove_final(&list);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_instance);
+DEFINE_CRYPTO_API(crypto_unregister_instance);
-int crypto_grab_spawn(struct crypto_spawn *spawn, struct crypto_instance *inst,
+int CRYPTO_API(crypto_grab_spawn)(struct crypto_spawn *spawn, struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
struct crypto_alg *alg;
@@ -799,9 +799,9 @@ int crypto_grab_spawn(struct crypto_spawn *spawn, struct crypto_instance *inst,
crypto_mod_put(alg);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_grab_spawn);
+DEFINE_CRYPTO_API(crypto_grab_spawn);
-void crypto_drop_spawn(struct crypto_spawn *spawn)
+void CRYPTO_API(crypto_drop_spawn)(struct crypto_spawn *spawn)
{
if (!spawn->alg) /* not yet initialized? */
return;
@@ -814,7 +814,7 @@ void crypto_drop_spawn(struct crypto_spawn *spawn)
if (!spawn->registered)
crypto_mod_put(spawn->alg);
}
-EXPORT_SYMBOL_GPL(crypto_drop_spawn);
+DEFINE_CRYPTO_API(crypto_drop_spawn);
static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
{
@@ -841,7 +841,7 @@ static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
return alg;
}
-struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
+struct crypto_tfm *CRYPTO_API(crypto_spawn_tfm)(struct crypto_spawn *spawn, u32 type,
u32 mask)
{
struct crypto_alg *alg;
@@ -865,9 +865,9 @@ struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
crypto_mod_put(alg);
return tfm;
}
-EXPORT_SYMBOL_GPL(crypto_spawn_tfm);
+DEFINE_CRYPTO_API(crypto_spawn_tfm);
-void *crypto_spawn_tfm2(struct crypto_spawn *spawn)
+void *CRYPTO_API(crypto_spawn_tfm2)(struct crypto_spawn *spawn)
{
struct crypto_alg *alg;
struct crypto_tfm *tfm;
@@ -886,21 +886,21 @@ void *crypto_spawn_tfm2(struct crypto_spawn *spawn)
crypto_mod_put(alg);
return tfm;
}
-EXPORT_SYMBOL_GPL(crypto_spawn_tfm2);
+DEFINE_CRYPTO_API(crypto_spawn_tfm2);
-int crypto_register_notifier(struct notifier_block *nb)
+int CRYPTO_API(crypto_register_notifier)(struct notifier_block *nb)
{
return blocking_notifier_chain_register(&crypto_chain, nb);
}
-EXPORT_SYMBOL_GPL(crypto_register_notifier);
+DEFINE_CRYPTO_API(crypto_register_notifier);
-int crypto_unregister_notifier(struct notifier_block *nb)
+int CRYPTO_API(crypto_unregister_notifier)(struct notifier_block *nb)
{
return blocking_notifier_chain_unregister(&crypto_chain, nb);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_notifier);
+DEFINE_CRYPTO_API(crypto_unregister_notifier);
-struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb)
+struct crypto_attr_type *CRYPTO_API(crypto_get_attr_type)(struct rtattr **tb)
{
struct rtattr *rta = tb[0];
struct crypto_attr_type *algt;
@@ -916,7 +916,7 @@ struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb)
return algt;
}
-EXPORT_SYMBOL_GPL(crypto_get_attr_type);
+DEFINE_CRYPTO_API(crypto_get_attr_type);
/**
* crypto_check_attr_type() - check algorithm type and compute inherited mask
@@ -934,7 +934,7 @@ EXPORT_SYMBOL_GPL(crypto_get_attr_type);
*
* Return: 0 on success; -errno on failure
*/
-int crypto_check_attr_type(struct rtattr **tb, u32 type, u32 *mask_ret)
+int CRYPTO_API(crypto_check_attr_type)(struct rtattr **tb, u32 type, u32 *mask_ret)
{
struct crypto_attr_type *algt;
@@ -948,9 +948,9 @@ int crypto_check_attr_type(struct rtattr **tb, u32 type, u32 *mask_ret)
*mask_ret = crypto_algt_inherited_mask(algt);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_check_attr_type);
+DEFINE_CRYPTO_API(crypto_check_attr_type);
-const char *crypto_attr_alg_name(struct rtattr *rta)
+const char *CRYPTO_API(crypto_attr_alg_name)(struct rtattr *rta)
{
struct crypto_attr_alg *alga;
@@ -966,9 +966,9 @@ const char *crypto_attr_alg_name(struct rtattr *rta)
return alga->name;
}
-EXPORT_SYMBOL_GPL(crypto_attr_alg_name);
+DEFINE_CRYPTO_API(crypto_attr_alg_name);
-int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
+int CRYPTO_API(__crypto_inst_setname)(struct crypto_instance *inst, const char *name,
const char *driver, struct crypto_alg *alg)
{
if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", name,
@@ -981,18 +981,18 @@ int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
return 0;
}
-EXPORT_SYMBOL_GPL(__crypto_inst_setname);
+DEFINE_CRYPTO_API(__crypto_inst_setname);
-void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen)
+void CRYPTO_API(crypto_init_queue)(struct crypto_queue *queue, unsigned int max_qlen)
{
INIT_LIST_HEAD(&queue->list);
queue->backlog = &queue->list;
queue->qlen = 0;
queue->max_qlen = max_qlen;
}
-EXPORT_SYMBOL_GPL(crypto_init_queue);
+DEFINE_CRYPTO_API(crypto_init_queue);
-int crypto_enqueue_request(struct crypto_queue *queue,
+int CRYPTO_API(crypto_enqueue_request)(struct crypto_queue *queue,
struct crypto_async_request *request)
{
int err = -EINPROGRESS;
@@ -1013,9 +1013,9 @@ int crypto_enqueue_request(struct crypto_queue *queue,
out:
return err;
}
-EXPORT_SYMBOL_GPL(crypto_enqueue_request);
+DEFINE_CRYPTO_API(crypto_enqueue_request);
-void crypto_enqueue_request_head(struct crypto_queue *queue,
+void CRYPTO_API(crypto_enqueue_request_head)(struct crypto_queue *queue,
struct crypto_async_request *request)
{
if (unlikely(queue->qlen >= queue->max_qlen))
@@ -1024,9 +1024,9 @@ void crypto_enqueue_request_head(struct crypto_queue *queue,
queue->qlen++;
list_add(&request->list, &queue->list);
}
-EXPORT_SYMBOL_GPL(crypto_enqueue_request_head);
+DEFINE_CRYPTO_API(crypto_enqueue_request_head);
-struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
+struct crypto_async_request *CRYPTO_API(crypto_dequeue_request)(struct crypto_queue *queue)
{
struct list_head *request;
@@ -1043,7 +1043,7 @@ struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
return list_entry(request, struct crypto_async_request, list);
}
-EXPORT_SYMBOL_GPL(crypto_dequeue_request);
+DEFINE_CRYPTO_API(crypto_dequeue_request);
static inline void crypto_inc_byte(u8 *a, unsigned int size)
{
@@ -1058,7 +1058,7 @@ static inline void crypto_inc_byte(u8 *a, unsigned int size)
}
}
-void crypto_inc(u8 *a, unsigned int size)
+void CRYPTO_API(crypto_inc)(u8 *a, unsigned int size)
{
__be32 *b = (__be32 *)(a + size);
u32 c;
@@ -1074,16 +1074,16 @@ void crypto_inc(u8 *a, unsigned int size)
crypto_inc_byte(a, size);
}
-EXPORT_SYMBOL_GPL(crypto_inc);
+DEFINE_CRYPTO_API(crypto_inc);
-unsigned int crypto_alg_extsize(struct crypto_alg *alg)
+unsigned int CRYPTO_API(crypto_alg_extsize)(struct crypto_alg *alg)
{
return alg->cra_ctxsize +
(alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1));
}
-EXPORT_SYMBOL_GPL(crypto_alg_extsize);
+DEFINE_CRYPTO_API(crypto_alg_extsize);
-int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
+int CRYPTO_API(crypto_type_has_alg)(const char *name, const struct crypto_type *frontend,
u32 type, u32 mask)
{
int ret = 0;
@@ -1096,7 +1096,7 @@ int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_type_has_alg);
+DEFINE_CRYPTO_API(crypto_type_has_alg);
static void __init crypto_start_tests(void)
{
@@ -1166,8 +1166,8 @@ static void __exit crypto_algapi_exit(void)
* We run this at late_initcall so that all the built-in algorithms
* have had a chance to register themselves first.
*/
-late_initcall(crypto_algapi_init);
-module_exit(crypto_algapi_exit);
+crypto_late_initcall(crypto_algapi_init);
+crypto_module_exit(crypto_algapi_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Cryptographic algorithms API");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 3c3445523803..1c7907b5e1dc 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -223,3 +223,47 @@ DEFINE_CRYPTO_API_STUB(akcipher_register_instance);
#endif
+/*
+ * crypto/algapi.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI2)
+
+#include <crypto/algapi.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_alg);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_alg);
+DEFINE_CRYPTO_API_STUB(crypto_register_algs);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_algs);
+DEFINE_CRYPTO_API_STUB(crypto_register_template);
+DEFINE_CRYPTO_API_STUB(crypto_register_templates);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_template);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_templates);
+DEFINE_CRYPTO_API_STUB(crypto_lookup_template);
+DEFINE_CRYPTO_API_STUB(crypto_register_instance);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_spawn);
+DEFINE_CRYPTO_API_STUB(crypto_drop_spawn);
+DEFINE_CRYPTO_API_STUB(crypto_spawn_tfm);
+DEFINE_CRYPTO_API_STUB(crypto_spawn_tfm2);
+DEFINE_CRYPTO_API_STUB(crypto_get_attr_type);
+DEFINE_CRYPTO_API_STUB(crypto_check_attr_type);
+DEFINE_CRYPTO_API_STUB(crypto_attr_alg_name);
+DEFINE_CRYPTO_API_STUB(__crypto_inst_setname);
+DEFINE_CRYPTO_API_STUB(crypto_init_queue);
+DEFINE_CRYPTO_API_STUB(crypto_enqueue_request);
+DEFINE_CRYPTO_API_STUB(crypto_enqueue_request_head);
+DEFINE_CRYPTO_API_STUB(crypto_dequeue_request);
+DEFINE_CRYPTO_API_STUB(crypto_inc);
+DEFINE_CRYPTO_API_STUB(crypto_register_notifier);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_notifier);
+
+#include <crypto/internal.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alg_tested);
+DEFINE_CRYPTO_API_STUB(crypto_remove_spawns);
+DEFINE_CRYPTO_API_STUB(crypto_remove_final);
+DEFINE_CRYPTO_API_STUB(crypto_alg_extsize);
+DEFINE_CRYPTO_API_STUB(crypto_type_has_alg);
+
+#endif
+
diff --git a/crypto/internal.h b/crypto/internal.h
index 1000ce8de06c..d823931fd0e2 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_H
#define _CRYPTO_INTERNAL_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <linux/completion.h>
#include <linux/err.h>
@@ -114,11 +115,16 @@ struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask);
struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask);
void crypto_schedule_test(struct crypto_larval *larval);
-void crypto_alg_tested(struct crypto_alg *alg, int err);
-
-void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
- struct crypto_alg *nalg);
-void crypto_remove_final(struct list_head *list);
+DECLARE_CRYPTO_API(crypto_alg_tested, void,
+ (struct crypto_alg *alg, int err),
+ (alg, err));
+
+DECLARE_CRYPTO_API(crypto_remove_spawns, void,
+ (struct crypto_alg *alg, struct list_head *list, struct crypto_alg *nalg),
+ (alg, list, nalg));
+DECLARE_CRYPTO_API(crypto_remove_final, void,
+ (struct list_head *list),
+ (list));
void crypto_shoot_alg(struct crypto_alg *alg);
struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
u32 mask, gfp_t gfp);
@@ -151,10 +157,13 @@ static inline void *crypto_alloc_tfm(const char *alg_name,
int crypto_probing_notify(unsigned long val, void *v);
-unsigned int crypto_alg_extsize(struct crypto_alg *alg);
+DECLARE_CRYPTO_API(crypto_alg_extsize, unsigned int,
+ (struct crypto_alg *alg),
+ (alg));
-int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_type_has_alg, int,
+ (const char *name, const struct crypto_type *frontend, u32 type, u32 mask),
+ (name, frontend, type, mask));
static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg)
{
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
index fc4574940636..9d7505b7f029 100644
--- a/include/crypto/algapi.h
+++ b/include/crypto/algapi.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_ALGAPI_H
#define _CRYPTO_ALGAPI_H
+#include <crypto/api.h>
#include <crypto/utils.h>
#include <linux/align.h>
#include <linux/cache.h>
@@ -119,35 +120,69 @@ struct crypto_attr_type {
/*
* Algorithm registration interface.
*/
-int crypto_register_alg(struct crypto_alg *alg);
-void crypto_unregister_alg(struct crypto_alg *alg);
-int crypto_register_algs(struct crypto_alg *algs, int count);
-void crypto_unregister_algs(struct crypto_alg *algs, int count);
+DECLARE_CRYPTO_API(crypto_register_alg, int,
+ (struct crypto_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_alg, void,
+ (struct crypto_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_algs, int,
+ (struct crypto_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_algs, void,
+ (struct crypto_alg *algs, int count),
+ (algs, count));
void crypto_mod_put(struct crypto_alg *alg);
-int crypto_register_template(struct crypto_template *tmpl);
-int crypto_register_templates(struct crypto_template *tmpls, int count);
-void crypto_unregister_template(struct crypto_template *tmpl);
-void crypto_unregister_templates(struct crypto_template *tmpls, int count);
-struct crypto_template *crypto_lookup_template(const char *name);
-
-int crypto_register_instance(struct crypto_template *tmpl,
- struct crypto_instance *inst);
-void crypto_unregister_instance(struct crypto_instance *inst);
-
-int crypto_grab_spawn(struct crypto_spawn *spawn, struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
-void crypto_drop_spawn(struct crypto_spawn *spawn);
-struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
- u32 mask);
-void *crypto_spawn_tfm2(struct crypto_spawn *spawn);
-
-struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb);
-int crypto_check_attr_type(struct rtattr **tb, u32 type, u32 *mask_ret);
-const char *crypto_attr_alg_name(struct rtattr *rta);
-int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
- const char *driver, struct crypto_alg *alg);
+DECLARE_CRYPTO_API(crypto_register_template, int,
+ (struct crypto_template *tmpl),
+ (tmpl));
+DECLARE_CRYPTO_API(crypto_register_templates, int,
+ (struct crypto_template *tmpls, int count),
+ (tmpls, count));
+DECLARE_CRYPTO_API(crypto_unregister_template, void,
+ (struct crypto_template *tmpl),
+ (tmpl));
+DECLARE_CRYPTO_API(crypto_unregister_templates, void,
+ (struct crypto_template *tmpls, int count),
+ (tmpls, count));
+DECLARE_CRYPTO_API(crypto_lookup_template, struct crypto_template *,
+ (const char *name),
+ (name));
+
+DECLARE_CRYPTO_API(crypto_register_instance, int,
+ (struct crypto_template *tmpl, struct crypto_instance *inst),
+ (tmpl, inst));
+DECLARE_CRYPTO_API(crypto_unregister_instance, void,
+ (struct crypto_instance *inst),
+ (inst));
+
+DECLARE_CRYPTO_API(crypto_grab_spawn, int,
+ (struct crypto_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
+DECLARE_CRYPTO_API(crypto_drop_spawn, void,
+ (struct crypto_spawn *spawn),
+ (spawn));
+DECLARE_CRYPTO_API(crypto_spawn_tfm, struct crypto_tfm *,
+ (struct crypto_spawn *spawn, u32 type, u32 mask),
+ (spawn, type, mask));
+DECLARE_CRYPTO_API(crypto_spawn_tfm2, void *,
+ (struct crypto_spawn *spawn),
+ (spawn));
+
+DECLARE_CRYPTO_API(crypto_get_attr_type, struct crypto_attr_type *,
+ (struct rtattr **tb),
+ (tb));
+DECLARE_CRYPTO_API(crypto_check_attr_type, int,
+ (struct rtattr **tb, u32 type, u32 *mask_ret),
+ (tb, type, mask_ret));
+DECLARE_CRYPTO_API(crypto_attr_alg_name, const char *,
+ (struct rtattr *rta),
+ (rta));
+DECLARE_CRYPTO_API(__crypto_inst_setname, int,
+ (struct crypto_instance *inst, const char *name, const char *driver, struct crypto_alg *alg),
+ (inst, name, driver, alg));
#define crypto_inst_setname(inst, name, ...) \
CONCATENATE(crypto_inst_setname_, COUNT_ARGS(__VA_ARGS__))( \
@@ -157,18 +192,26 @@ int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
#define crypto_inst_setname_2(inst, name, driver, alg) \
__crypto_inst_setname(inst, name, driver, alg)
-void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen);
-int crypto_enqueue_request(struct crypto_queue *queue,
- struct crypto_async_request *request);
-void crypto_enqueue_request_head(struct crypto_queue *queue,
- struct crypto_async_request *request);
-struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue);
+DECLARE_CRYPTO_API(crypto_init_queue, void,
+ (struct crypto_queue *queue, unsigned int max_qlen),
+ (queue, max_qlen));
+DECLARE_CRYPTO_API(crypto_enqueue_request, int,
+ (struct crypto_queue *queue, struct crypto_async_request *request),
+ (queue, request));
+DECLARE_CRYPTO_API(crypto_enqueue_request_head, void,
+ (struct crypto_queue *queue, struct crypto_async_request *request),
+ (queue, request));
+DECLARE_CRYPTO_API(crypto_dequeue_request, struct crypto_async_request *,
+ (struct crypto_queue *queue),
+ (queue));
static inline unsigned int crypto_queue_len(struct crypto_queue *queue)
{
return queue->qlen;
}
-void crypto_inc(u8 *a, unsigned int size);
+DECLARE_CRYPTO_API(crypto_inc, void,
+ (u8 *a, unsigned int size),
+ (a, size));
static inline void *crypto_tfm_ctx(struct crypto_tfm *tfm)
{
@@ -242,8 +285,12 @@ static inline u32 crypto_algt_inherited_mask(struct crypto_attr_type *algt)
return crypto_requires_off(algt, CRYPTO_ALG_INHERITED_FLAGS);
}
-int crypto_register_notifier(struct notifier_block *nb);
-int crypto_unregister_notifier(struct notifier_block *nb);
+DECLARE_CRYPTO_API(crypto_register_notifier, int,
+ (struct notifier_block *nb),
+ (nb));
+DECLARE_CRYPTO_API(crypto_unregister_notifier, int,
+ (struct notifier_block *nb),
+ (nb));
/* Crypto notification events. */
enum {
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 034/104] crypto: fips140: convert crypto/algboss.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (32 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 033/104] crypto: fips140: convert crypto/algapi.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 035/104] crypto: fips140: convert crypto/api.c " Vegard Nossum
` (70 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_MANAGER2 --source crypto/algboss.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algboss.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/algboss.c b/crypto/algboss.c
index 2599c54a49ff..9d540ab27e9e 100644
--- a/crypto/algboss.c
+++ b/crypto/algboss.c
@@ -235,8 +235,8 @@ static void __exit cryptomgr_exit(void)
BUG_ON(err);
}
-module_init(cryptomgr_init);
-module_exit(cryptomgr_exit);
+crypto_module_init(cryptomgr_init);
+crypto_module_exit(cryptomgr_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Crypto Algorithm Manager");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 035/104] crypto: fips140: convert crypto/api.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (33 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 034/104] crypto: fips140: convert crypto/algboss.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 036/104] crypto: fips140: convert crypto/authenc.c " Vegard Nossum
` (69 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO --source crypto/api.c --header include/linux/crypto.h include/crypto/algapi.h crypto/internal.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/api.c | 76 ++++++++++++++++++++---------------------
crypto/fips140-api.c | 35 +++++++++++++++++++
crypto/internal.h | 62 +++++++++++++++++++++------------
include/crypto/algapi.h | 4 ++-
include/linux/crypto.h | 23 +++++++++----
5 files changed, 133 insertions(+), 67 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index 5724d62e9d07..7ddc99599590 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -40,20 +40,20 @@ static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg,
static struct crypto_alg *crypto_alg_lookup(const char *name, u32 type,
u32 mask);
-struct crypto_alg *crypto_mod_get(struct crypto_alg *alg)
+struct crypto_alg *CRYPTO_API(crypto_mod_get)(struct crypto_alg *alg)
{
return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL;
}
-EXPORT_SYMBOL_GPL(crypto_mod_get);
+DEFINE_CRYPTO_API(crypto_mod_get);
-void crypto_mod_put(struct crypto_alg *alg)
+void CRYPTO_API(crypto_mod_put)(struct crypto_alg *alg)
{
struct module *module = alg->cra_module;
crypto_alg_put(alg);
module_put(module);
}
-EXPORT_SYMBOL_GPL(crypto_mod_put);
+DEFINE_CRYPTO_API(crypto_mod_put);
static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type,
u32 mask)
@@ -100,7 +100,7 @@ static void crypto_larval_destroy(struct crypto_alg *alg)
kfree(larval);
}
-struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
+struct crypto_larval *CRYPTO_API(crypto_larval_alloc)(const char *name, u32 type, u32 mask)
{
struct crypto_larval *larval;
@@ -120,7 +120,7 @@ struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
return larval;
}
-EXPORT_SYMBOL_GPL(crypto_larval_alloc);
+DEFINE_CRYPTO_API(crypto_larval_alloc);
static struct crypto_alg *crypto_larval_add(const char *name, u32 type,
u32 mask)
@@ -168,14 +168,14 @@ static void crypto_larval_kill(struct crypto_larval *larval)
crypto_alg_put(&larval->alg);
}
-void crypto_schedule_test(struct crypto_larval *larval)
+void CRYPTO_API(crypto_schedule_test)(struct crypto_larval *larval)
{
int err;
err = crypto_probing_notify(CRYPTO_MSG_ALG_REGISTER, larval->adult);
WARN_ON_ONCE(err != NOTIFY_STOP);
}
-EXPORT_SYMBOL_GPL(crypto_schedule_test);
+DEFINE_CRYPTO_API(crypto_schedule_test);
static void crypto_start_test(struct crypto_larval *larval)
{
@@ -320,7 +320,7 @@ static struct crypto_alg *crypto_larval_lookup(const char *name, u32 type,
return alg;
}
-int crypto_probing_notify(unsigned long val, void *v)
+int CRYPTO_API(crypto_probing_notify)(unsigned long val, void *v)
{
int ok;
@@ -332,9 +332,9 @@ int crypto_probing_notify(unsigned long val, void *v)
return ok;
}
-EXPORT_SYMBOL_GPL(crypto_probing_notify);
+DEFINE_CRYPTO_API(crypto_probing_notify);
-struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask)
+struct crypto_alg *CRYPTO_API(crypto_alg_mod_lookup)(const char *name, u32 type, u32 mask)
{
struct crypto_alg *alg;
struct crypto_alg *larval;
@@ -365,7 +365,7 @@ struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask)
crypto_larval_kill(container_of(larval, struct crypto_larval, alg));
return alg;
}
-EXPORT_SYMBOL_GPL(crypto_alg_mod_lookup);
+DEFINE_CRYPTO_API(crypto_alg_mod_lookup);
static void crypto_exit_ops(struct crypto_tfm *tfm)
{
@@ -396,15 +396,15 @@ static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask)
return len;
}
-void crypto_shoot_alg(struct crypto_alg *alg)
+void CRYPTO_API(crypto_shoot_alg)(struct crypto_alg *alg)
{
down_write(&crypto_alg_sem);
alg->cra_flags |= CRYPTO_ALG_DYING;
up_write(&crypto_alg_sem);
}
-EXPORT_SYMBOL_GPL(crypto_shoot_alg);
+DEFINE_CRYPTO_API(crypto_shoot_alg);
-struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
+struct crypto_tfm *CRYPTO_API(__crypto_alloc_tfmgfp)(struct crypto_alg *alg, u32 type,
u32 mask, gfp_t gfp)
{
struct crypto_tfm *tfm;
@@ -434,14 +434,14 @@ struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
out:
return tfm;
}
-EXPORT_SYMBOL_GPL(__crypto_alloc_tfmgfp);
+DEFINE_CRYPTO_API(__crypto_alloc_tfmgfp);
-struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
+struct crypto_tfm *CRYPTO_API(__crypto_alloc_tfm)(struct crypto_alg *alg, u32 type,
u32 mask)
{
return __crypto_alloc_tfmgfp(alg, type, mask, GFP_KERNEL);
}
-EXPORT_SYMBOL_GPL(__crypto_alloc_tfm);
+DEFINE_CRYPTO_API(__crypto_alloc_tfm);
/*
* crypto_alloc_base - Locate algorithm and allocate transform
@@ -465,7 +465,7 @@ EXPORT_SYMBOL_GPL(__crypto_alloc_tfm);
*
* In case of error the return value is an error pointer.
*/
-struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask)
+struct crypto_tfm *CRYPTO_API(crypto_alloc_base)(const char *alg_name, u32 type, u32 mask)
{
struct crypto_tfm *tfm;
int err;
@@ -497,7 +497,7 @@ struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask)
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_base);
+DEFINE_CRYPTO_API(crypto_alloc_base);
static void *crypto_alloc_tfmmem(struct crypto_alg *alg,
const struct crypto_type *frontend, int node,
@@ -523,7 +523,7 @@ static void *crypto_alloc_tfmmem(struct crypto_alg *alg,
return mem;
}
-void *crypto_create_tfm_node(struct crypto_alg *alg,
+void *CRYPTO_API(crypto_create_tfm_node)(struct crypto_alg *alg,
const struct crypto_type *frontend,
int node)
{
@@ -557,9 +557,9 @@ void *crypto_create_tfm_node(struct crypto_alg *alg,
out:
return mem;
}
-EXPORT_SYMBOL_GPL(crypto_create_tfm_node);
+DEFINE_CRYPTO_API(crypto_create_tfm_node);
-void *crypto_clone_tfm(const struct crypto_type *frontend,
+void *CRYPTO_API(crypto_clone_tfm)(const struct crypto_type *frontend,
struct crypto_tfm *otfm)
{
struct crypto_alg *alg = otfm->__crt_alg;
@@ -583,9 +583,9 @@ void *crypto_clone_tfm(const struct crypto_type *frontend,
out:
return mem;
}
-EXPORT_SYMBOL_GPL(crypto_clone_tfm);
+DEFINE_CRYPTO_API(crypto_clone_tfm);
-struct crypto_alg *crypto_find_alg(const char *alg_name,
+struct crypto_alg *CRYPTO_API(crypto_find_alg)(const char *alg_name,
const struct crypto_type *frontend,
u32 type, u32 mask)
{
@@ -598,7 +598,7 @@ struct crypto_alg *crypto_find_alg(const char *alg_name,
return crypto_alg_mod_lookup(alg_name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_find_alg);
+DEFINE_CRYPTO_API(crypto_find_alg);
/*
* crypto_alloc_tfm_node - Locate algorithm and allocate transform
@@ -623,7 +623,7 @@ EXPORT_SYMBOL_GPL(crypto_find_alg);
* In case of error the return value is an error pointer.
*/
-void *crypto_alloc_tfm_node(const char *alg_name,
+void *CRYPTO_API(crypto_alloc_tfm_node)(const char *alg_name,
const struct crypto_type *frontend, u32 type, u32 mask,
int node)
{
@@ -657,7 +657,7 @@ void *crypto_alloc_tfm_node(const char *alg_name,
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_tfm_node);
+DEFINE_CRYPTO_API(crypto_alloc_tfm_node);
/*
* crypto_destroy_tfm - Free crypto transform
@@ -667,7 +667,7 @@ EXPORT_SYMBOL_GPL(crypto_alloc_tfm_node);
* This function frees up the transform and any associated resources,
* then drops the refcount on the associated algorithm.
*/
-void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
+void CRYPTO_API(crypto_destroy_tfm)(void *mem, struct crypto_tfm *tfm)
{
struct crypto_alg *alg;
@@ -684,9 +684,9 @@ void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
crypto_mod_put(alg);
kfree_sensitive(mem);
}
-EXPORT_SYMBOL_GPL(crypto_destroy_tfm);
+DEFINE_CRYPTO_API(crypto_destroy_tfm);
-int crypto_has_alg(const char *name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_alg)(const char *name, u32 type, u32 mask)
{
int ret = 0;
struct crypto_alg *alg = crypto_alg_mod_lookup(name, type, mask);
@@ -698,9 +698,9 @@ int crypto_has_alg(const char *name, u32 type, u32 mask)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_has_alg);
+DEFINE_CRYPTO_API(crypto_has_alg);
-void crypto_req_done(void *data, int err)
+void CRYPTO_API(crypto_req_done)(void *data, int err)
{
struct crypto_wait *wait = data;
@@ -710,18 +710,18 @@ void crypto_req_done(void *data, int err)
wait->err = err;
complete(&wait->completion);
}
-EXPORT_SYMBOL_GPL(crypto_req_done);
+DEFINE_CRYPTO_API(crypto_req_done);
-void crypto_destroy_alg(struct crypto_alg *alg)
+void CRYPTO_API(crypto_destroy_alg)(struct crypto_alg *alg)
{
if (alg->cra_type && alg->cra_type->destroy)
alg->cra_type->destroy(alg);
if (alg->cra_destroy)
alg->cra_destroy(alg);
}
-EXPORT_SYMBOL_GPL(crypto_destroy_alg);
+DEFINE_CRYPTO_API(crypto_destroy_alg);
-struct crypto_async_request *crypto_request_clone(
+struct crypto_async_request *CRYPTO_API(crypto_request_clone)(
struct crypto_async_request *req, size_t total, gfp_t gfp)
{
struct crypto_tfm *tfm = req->tfm;
@@ -736,7 +736,7 @@ struct crypto_async_request *crypto_request_clone(
nreq->flags &= ~CRYPTO_TFM_REQ_ON_STACK;
return nreq;
}
-EXPORT_SYMBOL_GPL(crypto_request_clone);
+DEFINE_CRYPTO_API(crypto_request_clone);
MODULE_DESCRIPTION("Cryptographic core API");
MODULE_LICENSE("GPL");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 1c7907b5e1dc..f5cf473f1f25 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -267,3 +267,38 @@ DEFINE_CRYPTO_API_STUB(crypto_type_has_alg);
#endif
+/*
+ * crypto/api.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO)
+
+#include <linux/crypto.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_req_done);
+DEFINE_CRYPTO_API_STUB(crypto_has_alg);
+DEFINE_CRYPTO_API_STUB(crypto_alloc_base);
+DEFINE_CRYPTO_API_STUB(crypto_destroy_tfm);
+DEFINE_CRYPTO_API_STUB(crypto_request_clone);
+
+#include <crypto/algapi.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_mod_put);
+
+#include <crypto/internal.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_mod_get);
+DEFINE_CRYPTO_API_STUB(crypto_alg_mod_lookup);
+DEFINE_CRYPTO_API_STUB(crypto_larval_alloc);
+DEFINE_CRYPTO_API_STUB(crypto_schedule_test);
+DEFINE_CRYPTO_API_STUB(crypto_shoot_alg);
+DEFINE_CRYPTO_API_STUB(__crypto_alloc_tfmgfp);
+DEFINE_CRYPTO_API_STUB(__crypto_alloc_tfm);
+DEFINE_CRYPTO_API_STUB(crypto_create_tfm_node);
+DEFINE_CRYPTO_API_STUB(crypto_clone_tfm);
+DEFINE_CRYPTO_API_STUB(crypto_find_alg);
+DEFINE_CRYPTO_API_STUB(crypto_alloc_tfm_node);
+DEFINE_CRYPTO_API_STUB(crypto_probing_notify);
+DEFINE_CRYPTO_API_STUB(crypto_destroy_alg);
+
+#endif
+
diff --git a/crypto/internal.h b/crypto/internal.h
index d823931fd0e2..700280457bf6 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -110,11 +110,19 @@ static inline unsigned int crypto_compress_ctxsize(struct crypto_alg *alg)
return alg->cra_ctxsize;
}
-struct crypto_alg *crypto_mod_get(struct crypto_alg *alg);
-struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask);
-
-struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask);
-void crypto_schedule_test(struct crypto_larval *larval);
+DECLARE_CRYPTO_API(crypto_mod_get, struct crypto_alg *,
+ (struct crypto_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_alg_mod_lookup, struct crypto_alg *,
+ (const char *name, u32 type, u32 mask),
+ (name, type, mask));
+
+DECLARE_CRYPTO_API(crypto_larval_alloc, struct crypto_larval *,
+ (const char *name, u32 type, u32 mask),
+ (name, type, mask));
+DECLARE_CRYPTO_API(crypto_schedule_test, void,
+ (struct crypto_larval *larval),
+ (larval));
DECLARE_CRYPTO_API(crypto_alg_tested, void,
(struct crypto_alg *alg, int err),
(alg, err));
@@ -125,15 +133,21 @@ DECLARE_CRYPTO_API(crypto_remove_spawns, void,
DECLARE_CRYPTO_API(crypto_remove_final, void,
(struct list_head *list),
(list));
-void crypto_shoot_alg(struct crypto_alg *alg);
-struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
- u32 mask, gfp_t gfp);
-struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
- u32 mask);
-void *crypto_create_tfm_node(struct crypto_alg *alg,
- const struct crypto_type *frontend, int node);
-void *crypto_clone_tfm(const struct crypto_type *frontend,
- struct crypto_tfm *otfm);
+DECLARE_CRYPTO_API(crypto_shoot_alg, void,
+ (struct crypto_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(__crypto_alloc_tfmgfp, struct crypto_tfm *,
+ (struct crypto_alg *alg, u32 type, u32 mask, gfp_t gfp),
+ (alg, type, mask, gfp));
+DECLARE_CRYPTO_API(__crypto_alloc_tfm, struct crypto_tfm *,
+ (struct crypto_alg *alg, u32 type, u32 mask),
+ (alg, type, mask));
+DECLARE_CRYPTO_API(crypto_create_tfm_node, void *,
+ (struct crypto_alg *alg, const struct crypto_type *frontend, int node),
+ (alg, frontend, node));
+DECLARE_CRYPTO_API(crypto_clone_tfm, void *,
+ (const struct crypto_type *frontend, struct crypto_tfm *otfm),
+ (frontend, otfm));
static inline void *crypto_create_tfm(struct crypto_alg *alg,
const struct crypto_type *frontend)
@@ -141,13 +155,13 @@ static inline void *crypto_create_tfm(struct crypto_alg *alg,
return crypto_create_tfm_node(alg, frontend, NUMA_NO_NODE);
}
-struct crypto_alg *crypto_find_alg(const char *alg_name,
- const struct crypto_type *frontend,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_find_alg, struct crypto_alg *,
+ (const char *alg_name, const struct crypto_type *frontend, u32 type, u32 mask),
+ (alg_name, frontend, type, mask));
-void *crypto_alloc_tfm_node(const char *alg_name,
- const struct crypto_type *frontend, u32 type, u32 mask,
- int node);
+DECLARE_CRYPTO_API(crypto_alloc_tfm_node, void *,
+ (const char *alg_name, const struct crypto_type *frontend, u32 type, u32 mask, int node),
+ (alg_name, frontend, type, mask, node));
static inline void *crypto_alloc_tfm(const char *alg_name,
const struct crypto_type *frontend, u32 type, u32 mask)
@@ -155,7 +169,9 @@ static inline void *crypto_alloc_tfm(const char *alg_name,
return crypto_alloc_tfm_node(alg_name, frontend, type, mask, NUMA_NO_NODE);
}
-int crypto_probing_notify(unsigned long val, void *v);
+DECLARE_CRYPTO_API(crypto_probing_notify, int,
+ (unsigned long val, void *v),
+ (val, v));
DECLARE_CRYPTO_API(crypto_alg_extsize, unsigned int,
(struct crypto_alg *alg),
@@ -171,7 +187,9 @@ static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg)
return alg;
}
-void crypto_destroy_alg(struct crypto_alg *alg);
+DECLARE_CRYPTO_API(crypto_destroy_alg, void,
+ (struct crypto_alg *alg),
+ (alg));
static inline void crypto_alg_put(struct crypto_alg *alg)
{
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
index 9d7505b7f029..9844f3b0cb0a 100644
--- a/include/crypto/algapi.h
+++ b/include/crypto/algapi.h
@@ -133,7 +133,9 @@ DECLARE_CRYPTO_API(crypto_unregister_algs, void,
(struct crypto_alg *algs, int count),
(algs, count));
-void crypto_mod_put(struct crypto_alg *alg);
+DECLARE_CRYPTO_API(crypto_mod_put, void,
+ (struct crypto_alg *alg),
+ (alg));
DECLARE_CRYPTO_API(crypto_register_template, int,
(struct crypto_template *tmpl),
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 737e53a642d4..e4b356a3b27d 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -12,6 +12,7 @@
#ifndef _LINUX_CRYPTO_H
#define _LINUX_CRYPTO_H
+#include <crypto/api.h>
#include <linux/completion.h>
#include <linux/errno.h>
#include <linux/refcount_types.h>
@@ -384,7 +385,9 @@ struct crypto_wait {
/*
* Async ops completion helper functioons
*/
-void crypto_req_done(void *req, int err);
+DECLARE_CRYPTO_API(crypto_req_done, void,
+ (void *req, int err),
+ (req, err));
static inline int crypto_wait_req(int err, struct crypto_wait *wait)
{
@@ -408,7 +411,9 @@ static inline void crypto_init_wait(struct crypto_wait *wait)
/*
* Algorithm query interface.
*/
-int crypto_has_alg(const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_alg, int,
+ (const char *name, u32 type, u32 mask),
+ (name, type, mask));
/*
* Transforms: user-instantiated objects which encapsulate algorithms
@@ -436,8 +441,12 @@ struct crypto_tfm {
* Transform user interface.
*/
-struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask);
-void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm);
+DECLARE_CRYPTO_API(crypto_alloc_base, struct crypto_tfm *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
+DECLARE_CRYPTO_API(crypto_destroy_tfm, void,
+ (void *mem, struct crypto_tfm *tfm),
+ (mem, tfm));
static inline void crypto_free_tfm(struct crypto_tfm *tfm)
{
@@ -522,8 +531,10 @@ static inline void crypto_request_set_tfm(struct crypto_async_request *req,
req->flags &= ~CRYPTO_TFM_REQ_ON_STACK;
}
-struct crypto_async_request *crypto_request_clone(
- struct crypto_async_request *req, size_t total, gfp_t gfp);
+DECLARE_CRYPTO_API(crypto_request_clone, struct crypto_async_request *,
+ (
+ struct crypto_async_request *req, size_t total, gfp_t gfp),
+ (req, total, gfp));
static inline void crypto_stack_request_init(struct crypto_async_request *req,
struct crypto_tfm *tfm)
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 036/104] crypto: fips140: convert crypto/authenc.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (34 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 035/104] crypto: fips140: convert crypto/api.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 037/104] crypto: fips140: convert crypto/authencesn.c " Vegard Nossum
` (68 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_AUTHENC --source crypto/authenc.c --header include/crypto/authenc.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/authenc.c | 8 ++++----
crypto/fips140-api.c | 11 +++++++++++
include/crypto/authenc.h | 6 ++++--
3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/crypto/authenc.c b/crypto/authenc.c
index a723769c8777..4fcb42a66e80 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -41,7 +41,7 @@ static void authenc_request_complete(struct aead_request *req, int err)
aead_request_complete(req, err);
}
-int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
+int CRYPTO_API(crypto_authenc_extractkeys)(struct crypto_authenc_keys *keys, const u8 *key,
unsigned int keylen)
{
struct rtattr *rta = (struct rtattr *)key;
@@ -77,7 +77,7 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_authenc_extractkeys);
+DEFINE_CRYPTO_API(crypto_authenc_extractkeys);
static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key,
unsigned int keylen)
@@ -421,8 +421,8 @@ static void __exit crypto_authenc_module_exit(void)
crypto_unregister_template(&crypto_authenc_tmpl);
}
-module_init(crypto_authenc_module_init);
-module_exit(crypto_authenc_module_exit);
+crypto_module_init(crypto_authenc_module_init);
+crypto_module_exit(crypto_authenc_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index f5cf473f1f25..df1dfcd5cf22 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -302,3 +302,14 @@ DEFINE_CRYPTO_API_STUB(crypto_destroy_alg);
#endif
+/*
+ * crypto/authenc.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_AUTHENC)
+
+#include <crypto/authenc.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_authenc_extractkeys);
+
+#endif
+
diff --git a/include/crypto/authenc.h b/include/crypto/authenc.h
index 15a9caa2354a..2f01a570e899 100644
--- a/include/crypto/authenc.h
+++ b/include/crypto/authenc.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_AUTHENC_H
#define _CRYPTO_AUTHENC_H
+#include <crypto/api.h>
#include <linux/types.h>
enum {
@@ -26,8 +27,9 @@ struct crypto_authenc_keys {
unsigned int enckeylen;
};
-int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
- unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_authenc_extractkeys, int,
+ (struct crypto_authenc_keys *keys, const u8 *key, unsigned int keylen),
+ (keys, key, keylen));
int crypto_krb5enc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
unsigned int keylen);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 037/104] crypto: fips140: convert crypto/authencesn.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (35 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 036/104] crypto: fips140: convert crypto/authenc.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 038/104] crypto: fips140: convert crypto/cbc.c " Vegard Nossum
` (67 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_AUTHENC --source crypto/authencesn.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/authencesn.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index d1bf0fda3f2e..caed4eaec6a6 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -433,8 +433,8 @@ static void __exit crypto_authenc_esn_module_exit(void)
crypto_unregister_template(&crypto_authenc_esn_tmpl);
}
-module_init(crypto_authenc_esn_module_init);
-module_exit(crypto_authenc_esn_module_exit);
+crypto_module_init(crypto_authenc_esn_module_init);
+crypto_module_exit(crypto_authenc_esn_module_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 038/104] crypto: fips140: convert crypto/cbc.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (36 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 037/104] crypto: fips140: convert crypto/authencesn.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 039/104] crypto: fips140: convert crypto/ccm.c " Vegard Nossum
` (66 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CBC --source crypto/cbc.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/cbc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/cbc.c b/crypto/cbc.c
index ed3df6246765..03ee7008ab12 100644
--- a/crypto/cbc.c
+++ b/crypto/cbc.c
@@ -179,8 +179,8 @@ static void __exit crypto_cbc_module_exit(void)
crypto_unregister_template(&crypto_cbc_tmpl);
}
-module_init(crypto_cbc_module_init);
-module_exit(crypto_cbc_module_exit);
+crypto_module_init(crypto_cbc_module_init);
+crypto_module_exit(crypto_cbc_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("CBC block cipher mode of operation");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 039/104] crypto: fips140: convert crypto/ccm.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (37 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 038/104] crypto: fips140: convert crypto/cbc.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 040/104] crypto: fips140: convert crypto/cipher.c " Vegard Nossum
` (65 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CCM --source crypto/ccm.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ccm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ccm.c b/crypto/ccm.c
index 2ae929ffdef8..e76946e05b5e 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -929,8 +929,8 @@ static void __exit crypto_ccm_module_exit(void)
ARRAY_SIZE(crypto_ccm_tmpls));
}
-module_init(crypto_ccm_module_init);
-module_exit(crypto_ccm_module_exit);
+crypto_module_init(crypto_ccm_module_init);
+crypto_module_exit(crypto_ccm_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Counter with CBC MAC");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 040/104] crypto: fips140: convert crypto/cipher.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (38 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 039/104] crypto: fips140: convert crypto/ccm.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 041/104] crypto: fips140: convert crypto/cmac.c " Vegard Nossum
` (64 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO --source crypto/cipher.c --header include/crypto/internal/cipher.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/cipher.c | 16 ++++++++--------
crypto/fips140-api.c | 14 ++++++++++++++
include/crypto/internal/cipher.h | 20 +++++++++++++-------
3 files changed, 35 insertions(+), 15 deletions(-)
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 1fe62bf79656..7aeb577ac388 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -39,7 +39,7 @@ static int setkey_unaligned(struct crypto_cipher *tfm, const u8 *key,
}
-int crypto_cipher_setkey(struct crypto_cipher *tfm,
+int CRYPTO_API(crypto_cipher_setkey)(struct crypto_cipher *tfm,
const u8 *key, unsigned int keylen)
{
struct cipher_alg *cia = crypto_cipher_alg(tfm);
@@ -53,7 +53,7 @@ int crypto_cipher_setkey(struct crypto_cipher *tfm,
return cia->cia_setkey(crypto_cipher_tfm(tfm), key, keylen);
}
-EXPORT_SYMBOL_NS_GPL(crypto_cipher_setkey, "CRYPTO_INTERNAL");
+DEFINE_CRYPTO_API(crypto_cipher_setkey);
static inline void cipher_crypt_one(struct crypto_cipher *tfm,
u8 *dst, const u8 *src, bool enc)
@@ -76,21 +76,21 @@ static inline void cipher_crypt_one(struct crypto_cipher *tfm,
}
}
-void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
+void CRYPTO_API(crypto_cipher_encrypt_one)(struct crypto_cipher *tfm,
u8 *dst, const u8 *src)
{
cipher_crypt_one(tfm, dst, src, true);
}
-EXPORT_SYMBOL_NS_GPL(crypto_cipher_encrypt_one, "CRYPTO_INTERNAL");
+DEFINE_CRYPTO_API(crypto_cipher_encrypt_one);
-void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
+void CRYPTO_API(crypto_cipher_decrypt_one)(struct crypto_cipher *tfm,
u8 *dst, const u8 *src)
{
cipher_crypt_one(tfm, dst, src, false);
}
-EXPORT_SYMBOL_NS_GPL(crypto_cipher_decrypt_one, "CRYPTO_INTERNAL");
+DEFINE_CRYPTO_API(crypto_cipher_decrypt_one);
-struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher)
+struct crypto_cipher *CRYPTO_API(crypto_clone_cipher)(struct crypto_cipher *cipher)
{
struct crypto_tfm *tfm = crypto_cipher_tfm(cipher);
struct crypto_alg *alg = tfm->__crt_alg;
@@ -116,4 +116,4 @@ struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher)
return ncipher;
}
-EXPORT_SYMBOL_GPL(crypto_clone_cipher);
+DEFINE_CRYPTO_API(crypto_clone_cipher);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index df1dfcd5cf22..c05fc645a5b6 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -313,3 +313,17 @@ DEFINE_CRYPTO_API_STUB(crypto_authenc_extractkeys);
#endif
+/*
+ * crypto/cipher.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO)
+
+#include <crypto/internal/cipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_cipher_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_cipher_encrypt_one);
+DEFINE_CRYPTO_API_STUB(crypto_cipher_decrypt_one);
+DEFINE_CRYPTO_API_STUB(crypto_clone_cipher);
+
+#endif
+
diff --git a/include/crypto/internal/cipher.h b/include/crypto/internal/cipher.h
index 5030f6d2df31..13c48b20879c 100644
--- a/include/crypto/internal/cipher.h
+++ b/include/crypto/internal/cipher.h
@@ -11,6 +11,7 @@
#ifndef _CRYPTO_INTERNAL_CIPHER_H
#define _CRYPTO_INTERNAL_CIPHER_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
struct crypto_cipher {
@@ -149,8 +150,9 @@ static inline void crypto_cipher_clear_flags(struct crypto_cipher *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_cipher_setkey(struct crypto_cipher *tfm,
- const u8 *key, unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_cipher_setkey, int,
+ (struct crypto_cipher *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
/**
* crypto_cipher_encrypt_one() - encrypt one block of plaintext
@@ -161,8 +163,9 @@ int crypto_cipher_setkey(struct crypto_cipher *tfm,
* Invoke the encryption operation of one block. The caller must ensure that
* the plaintext and ciphertext buffers are at least one block in size.
*/
-void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
- u8 *dst, const u8 *src);
+DECLARE_CRYPTO_API(crypto_cipher_encrypt_one, void,
+ (struct crypto_cipher *tfm, u8 *dst, const u8 *src),
+ (tfm, dst, src));
/**
* crypto_cipher_decrypt_one() - decrypt one block of ciphertext
@@ -173,10 +176,13 @@ void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
* Invoke the decryption operation of one block. The caller must ensure that
* the plaintext and ciphertext buffers are at least one block in size.
*/
-void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
- u8 *dst, const u8 *src);
+DECLARE_CRYPTO_API(crypto_cipher_decrypt_one, void,
+ (struct crypto_cipher *tfm, u8 *dst, const u8 *src),
+ (tfm, dst, src));
-struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher);
+DECLARE_CRYPTO_API(crypto_clone_cipher, struct crypto_cipher *,
+ (struct crypto_cipher *cipher),
+ (cipher));
struct crypto_cipher_spawn {
struct crypto_spawn base;
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 041/104] crypto: fips140: convert crypto/cmac.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (39 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 040/104] crypto: fips140: convert crypto/cipher.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 042/104] crypto: fips140: convert crypto/cryptd.c " Vegard Nossum
` (63 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CMAC --source crypto/cmac.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/cmac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/cmac.c b/crypto/cmac.c
index 1b03964abe00..f898c4612312 100644
--- a/crypto/cmac.c
+++ b/crypto/cmac.c
@@ -251,8 +251,8 @@ static void __exit crypto_cmac_module_exit(void)
crypto_unregister_template(&crypto_cmac_tmpl);
}
-module_init(crypto_cmac_module_init);
-module_exit(crypto_cmac_module_exit);
+crypto_module_init(crypto_cmac_module_init);
+crypto_module_exit(crypto_cmac_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("CMAC keyed hash algorithm");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 042/104] crypto: fips140: convert crypto/cryptd.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (40 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 041/104] crypto: fips140: convert crypto/cmac.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 043/104] crypto: fips140: convert crypto/ctr.c " Vegard Nossum
` (62 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CRYPTD --source crypto/cryptd.c --header include/crypto/cryptd.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/cryptd.c | 58 ++++++++++++++++++++---------------------
crypto/fips140-api.c | 23 ++++++++++++++++
include/crypto/cryptd.h | 56 +++++++++++++++++++++++++++------------
3 files changed, 92 insertions(+), 45 deletions(-)
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index efff54e707cb..36aa07af29b2 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -646,7 +646,7 @@ static int cryptd_hash_import(struct ahash_request *req, const void *in)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
- struct shash_desc *desc = cryptd_shash_desc(req);
+ struct shash_desc *desc = CRYPTO_API(cryptd_shash_desc)(req);
desc->tfm = ctx->child;
@@ -952,7 +952,7 @@ static struct crypto_template cryptd_tmpl = {
.module = THIS_MODULE,
};
-struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
+struct cryptd_skcipher *CRYPTO_API(cryptd_alloc_skcipher)(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
@@ -977,34 +977,34 @@ struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
return container_of(tfm, struct cryptd_skcipher, base);
}
-EXPORT_SYMBOL_GPL(cryptd_alloc_skcipher);
+DEFINE_CRYPTO_API(cryptd_alloc_skcipher);
-struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm)
+struct crypto_skcipher *CRYPTO_API(cryptd_skcipher_child)(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
return ctx->child;
}
-EXPORT_SYMBOL_GPL(cryptd_skcipher_child);
+DEFINE_CRYPTO_API(cryptd_skcipher_child);
-bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm)
+bool CRYPTO_API(cryptd_skcipher_queued)(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
-EXPORT_SYMBOL_GPL(cryptd_skcipher_queued);
+DEFINE_CRYPTO_API(cryptd_skcipher_queued);
-void cryptd_free_skcipher(struct cryptd_skcipher *tfm)
+void CRYPTO_API(cryptd_free_skcipher)(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_skcipher(&tfm->base);
}
-EXPORT_SYMBOL_GPL(cryptd_free_skcipher);
+DEFINE_CRYPTO_API(cryptd_free_skcipher);
-struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
+struct cryptd_ahash *CRYPTO_API(cryptd_alloc_ahash)(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
@@ -1027,41 +1027,41 @@ struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
return __cryptd_ahash_cast(tfm);
}
-EXPORT_SYMBOL_GPL(cryptd_alloc_ahash);
+DEFINE_CRYPTO_API(cryptd_alloc_ahash);
-struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm)
+struct crypto_shash *CRYPTO_API(cryptd_ahash_child)(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
return ctx->child;
}
-EXPORT_SYMBOL_GPL(cryptd_ahash_child);
+DEFINE_CRYPTO_API(cryptd_ahash_child);
-struct shash_desc *cryptd_shash_desc(struct ahash_request *req)
+struct shash_desc *CRYPTO_API(cryptd_shash_desc)(struct ahash_request *req)
{
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
return &rctx->desc;
}
-EXPORT_SYMBOL_GPL(cryptd_shash_desc);
+DEFINE_CRYPTO_API(cryptd_shash_desc);
-bool cryptd_ahash_queued(struct cryptd_ahash *tfm)
+bool CRYPTO_API(cryptd_ahash_queued)(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
-EXPORT_SYMBOL_GPL(cryptd_ahash_queued);
+DEFINE_CRYPTO_API(cryptd_ahash_queued);
-void cryptd_free_ahash(struct cryptd_ahash *tfm)
+void CRYPTO_API(cryptd_free_ahash)(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_ahash(&tfm->base);
}
-EXPORT_SYMBOL_GPL(cryptd_free_ahash);
+DEFINE_CRYPTO_API(cryptd_free_ahash);
-struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
+struct cryptd_aead *CRYPTO_API(cryptd_alloc_aead)(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
@@ -1084,32 +1084,32 @@ struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
return __cryptd_aead_cast(tfm);
}
-EXPORT_SYMBOL_GPL(cryptd_alloc_aead);
+DEFINE_CRYPTO_API(cryptd_alloc_aead);
-struct crypto_aead *cryptd_aead_child(struct cryptd_aead *tfm)
+struct crypto_aead *CRYPTO_API(cryptd_aead_child)(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx;
ctx = crypto_aead_ctx(&tfm->base);
return ctx->child;
}
-EXPORT_SYMBOL_GPL(cryptd_aead_child);
+DEFINE_CRYPTO_API(cryptd_aead_child);
-bool cryptd_aead_queued(struct cryptd_aead *tfm)
+bool CRYPTO_API(cryptd_aead_queued)(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
-EXPORT_SYMBOL_GPL(cryptd_aead_queued);
+DEFINE_CRYPTO_API(cryptd_aead_queued);
-void cryptd_free_aead(struct cryptd_aead *tfm)
+void CRYPTO_API(cryptd_free_aead)(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_aead(&tfm->base);
}
-EXPORT_SYMBOL_GPL(cryptd_free_aead);
+DEFINE_CRYPTO_API(cryptd_free_aead);
static int __init cryptd_init(void)
{
@@ -1144,8 +1144,8 @@ static void __exit cryptd_exit(void)
crypto_unregister_template(&cryptd_tmpl);
}
-module_init(cryptd_init);
-module_exit(cryptd_exit);
+crypto_module_init(cryptd_init);
+crypto_module_exit(cryptd_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Software async crypto daemon");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index c05fc645a5b6..816a55809f4a 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -327,3 +327,26 @@ DEFINE_CRYPTO_API_STUB(crypto_clone_cipher);
#endif
+/*
+ * crypto/cryptd.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_CRYPTD)
+
+#include <crypto/cryptd.h>
+
+DEFINE_CRYPTO_API_STUB(cryptd_alloc_skcipher);
+DEFINE_CRYPTO_API_STUB(cryptd_skcipher_child);
+DEFINE_CRYPTO_API_STUB(cryptd_skcipher_queued);
+DEFINE_CRYPTO_API_STUB(cryptd_free_skcipher);
+DEFINE_CRYPTO_API_STUB(cryptd_alloc_ahash);
+DEFINE_CRYPTO_API_STUB(cryptd_ahash_child);
+DEFINE_CRYPTO_API_STUB(cryptd_shash_desc);
+DEFINE_CRYPTO_API_STUB(cryptd_ahash_queued);
+DEFINE_CRYPTO_API_STUB(cryptd_free_ahash);
+DEFINE_CRYPTO_API_STUB(cryptd_alloc_aead);
+DEFINE_CRYPTO_API_STUB(cryptd_aead_child);
+DEFINE_CRYPTO_API_STUB(cryptd_aead_queued);
+DEFINE_CRYPTO_API_STUB(cryptd_free_aead);
+
+#endif
+
diff --git a/include/crypto/cryptd.h b/include/crypto/cryptd.h
index 796d986e58e1..42de15e2cd52 100644
--- a/include/crypto/cryptd.h
+++ b/include/crypto/cryptd.h
@@ -13,6 +13,7 @@
#ifndef _CRYPTO_CRYPT_H
#define _CRYPTO_CRYPT_H
+#include <crypto/api.h>
#include <linux/types.h>
#include <crypto/aead.h>
@@ -24,12 +25,19 @@ struct cryptd_skcipher {
};
/* alg_name should be algorithm to be cryptd-ed */
-struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
- u32 type, u32 mask);
-struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm);
+DECLARE_CRYPTO_API(cryptd_alloc_skcipher, struct cryptd_skcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
+DECLARE_CRYPTO_API(cryptd_skcipher_child, struct crypto_skcipher *,
+ (struct cryptd_skcipher *tfm),
+ (tfm));
/* Must be called without moving CPUs. */
-bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm);
-void cryptd_free_skcipher(struct cryptd_skcipher *tfm);
+DECLARE_CRYPTO_API(cryptd_skcipher_queued, bool,
+ (struct cryptd_skcipher *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(cryptd_free_skcipher, void,
+ (struct cryptd_skcipher *tfm),
+ (tfm));
struct cryptd_ahash {
struct crypto_ahash base;
@@ -42,13 +50,22 @@ static inline struct cryptd_ahash *__cryptd_ahash_cast(
}
/* alg_name should be algorithm to be cryptd-ed */
-struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
- u32 type, u32 mask);
-struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm);
-struct shash_desc *cryptd_shash_desc(struct ahash_request *req);
+DECLARE_CRYPTO_API(cryptd_alloc_ahash, struct cryptd_ahash *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
+DECLARE_CRYPTO_API(cryptd_ahash_child, struct crypto_shash *,
+ (struct cryptd_ahash *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(cryptd_shash_desc, struct shash_desc *,
+ (struct ahash_request *req),
+ (req));
/* Must be called without moving CPUs. */
-bool cryptd_ahash_queued(struct cryptd_ahash *tfm);
-void cryptd_free_ahash(struct cryptd_ahash *tfm);
+DECLARE_CRYPTO_API(cryptd_ahash_queued, bool,
+ (struct cryptd_ahash *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(cryptd_free_ahash, void,
+ (struct cryptd_ahash *tfm),
+ (tfm));
struct cryptd_aead {
struct crypto_aead base;
@@ -60,13 +77,20 @@ static inline struct cryptd_aead *__cryptd_aead_cast(
return (struct cryptd_aead *)tfm;
}
-struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(cryptd_alloc_aead, struct cryptd_aead *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-struct crypto_aead *cryptd_aead_child(struct cryptd_aead *tfm);
+DECLARE_CRYPTO_API(cryptd_aead_child, struct crypto_aead *,
+ (struct cryptd_aead *tfm),
+ (tfm));
/* Must be called without moving CPUs. */
-bool cryptd_aead_queued(struct cryptd_aead *tfm);
+DECLARE_CRYPTO_API(cryptd_aead_queued, bool,
+ (struct cryptd_aead *tfm),
+ (tfm));
-void cryptd_free_aead(struct cryptd_aead *tfm);
+DECLARE_CRYPTO_API(cryptd_free_aead, void,
+ (struct cryptd_aead *tfm),
+ (tfm));
#endif
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 043/104] crypto: fips140: convert crypto/ctr.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (41 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 042/104] crypto: fips140: convert crypto/cryptd.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 044/104] crypto: fips140: convert crypto/dh.c " Vegard Nossum
` (61 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CTR --source crypto/ctr.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ctr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ctr.c b/crypto/ctr.c
index a388f0ceb3a0..fa67cf6de4b1 100644
--- a/crypto/ctr.c
+++ b/crypto/ctr.c
@@ -350,8 +350,8 @@ static void __exit crypto_ctr_module_exit(void)
ARRAY_SIZE(crypto_ctr_tmpls));
}
-module_init(crypto_ctr_module_init);
-module_exit(crypto_ctr_module_exit);
+crypto_module_init(crypto_ctr_module_init);
+crypto_module_exit(crypto_ctr_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("CTR block cipher mode of operation");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 044/104] crypto: fips140: convert crypto/dh.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (42 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 043/104] crypto: fips140: convert crypto/ctr.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 045/104] crypto: fips140: convert crypto/dh_helper.c " Vegard Nossum
` (60 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_DH --source crypto/dh.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/dh.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/dh.c b/crypto/dh.c
index 1d80213574b3..4102038161bc 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -920,8 +920,8 @@ static void __exit dh_exit(void)
crypto_unregister_kpp(&dh);
}
-module_init(dh_init);
-module_exit(dh_exit);
+crypto_module_init(dh_init);
+crypto_module_exit(dh_exit);
MODULE_ALIAS_CRYPTO("dh");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("DH generic algorithm");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 045/104] crypto: fips140: convert crypto/dh_helper.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (43 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 044/104] crypto: fips140: convert crypto/dh.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 046/104] crypto: fips140: convert crypto/drbg.c " Vegard Nossum
` (59 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_DH --source crypto/dh_helper.c --header include/crypto/dh.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/dh_helper.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/dh.h | 12 +++++++++---
3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
index 2d499879328b..d3001289d152 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -31,13 +31,13 @@ static inline unsigned int dh_data_size(const struct dh *p)
return p->key_size + p->p_size + p->g_size;
}
-unsigned int crypto_dh_key_len(const struct dh *p)
+unsigned int CRYPTO_API(crypto_dh_key_len)(const struct dh *p)
{
return DH_KPP_SECRET_MIN_SIZE + dh_data_size(p);
}
-EXPORT_SYMBOL_GPL(crypto_dh_key_len);
+DEFINE_CRYPTO_API(crypto_dh_key_len);
-int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params)
+int CRYPTO_API(crypto_dh_encode_key)(char *buf, unsigned int len, const struct dh *params)
{
u8 *ptr = buf;
u8 * const end = ptr + len;
@@ -61,7 +61,7 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params)
return -EINVAL;
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_dh_encode_key);
+DEFINE_CRYPTO_API(crypto_dh_encode_key);
int __crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
{
@@ -91,7 +91,7 @@ int __crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
return 0;
}
-int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
+int CRYPTO_API(crypto_dh_decode_key)(const char *buf, unsigned int len, struct dh *params)
{
int err;
@@ -117,4 +117,4 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_dh_decode_key);
+DEFINE_CRYPTO_API(crypto_dh_decode_key);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 816a55809f4a..600c759cbc5e 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -350,3 +350,16 @@ DEFINE_CRYPTO_API_STUB(cryptd_free_aead);
#endif
+/*
+ * crypto/dh_helper.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_DH)
+
+#include <crypto/dh.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_dh_key_len);
+DEFINE_CRYPTO_API_STUB(crypto_dh_encode_key);
+DEFINE_CRYPTO_API_STUB(crypto_dh_decode_key);
+
+#endif
+
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index b5891c21cfe0..f876d46b16d6 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -50,7 +50,9 @@ struct dh {
*
* Return: size of the key in bytes
*/
-unsigned int crypto_dh_key_len(const struct dh *params);
+DECLARE_CRYPTO_API(crypto_dh_key_len, unsigned int,
+ (const struct dh *params),
+ (params));
/**
* crypto_dh_encode_key() - encode the private key
@@ -65,7 +67,9 @@ unsigned int crypto_dh_key_len(const struct dh *params);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params);
+DECLARE_CRYPTO_API(crypto_dh_encode_key, int,
+ (char *buf, unsigned int len, const struct dh *params),
+ (buf, len, params));
/**
* crypto_dh_decode_key() - decode a private key
@@ -79,7 +83,9 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params);
+DECLARE_CRYPTO_API(crypto_dh_decode_key, int,
+ (const char *buf, unsigned int len, struct dh *params),
+ (buf, len, params));
/**
* __crypto_dh_decode_key() - decode a private key without parameter checks
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 046/104] crypto: fips140: convert crypto/drbg.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (44 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 045/104] crypto: fips140: convert crypto/dh_helper.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 047/104] crypto: fips140: convert crypto/ecb.c " Vegard Nossum
` (58 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_DRBG --source crypto/drbg.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/drbg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index dbe4c8bb5ceb..64280ce5beec 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -2132,8 +2132,8 @@ static void __exit drbg_exit(void)
crypto_unregister_rngs(drbg_algs, (ARRAY_SIZE(drbg_cores) * 2));
}
-module_init(drbg_init);
-module_exit(drbg_exit);
+crypto_module_init(drbg_init);
+crypto_module_exit(drbg_exit);
#ifndef CRYPTO_DRBG_HASH_STRING
#define CRYPTO_DRBG_HASH_STRING ""
#endif
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 047/104] crypto: fips140: convert crypto/ecb.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (45 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 046/104] crypto: fips140: convert crypto/drbg.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 048/104] crypto: fips140: convert crypto/ecc.c " Vegard Nossum
` (57 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECB --source crypto/ecb.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecb.c b/crypto/ecb.c
index cd1b20456dad..20127b20f483 100644
--- a/crypto/ecb.c
+++ b/crypto/ecb.c
@@ -219,8 +219,8 @@ static void __exit crypto_ecb_module_exit(void)
crypto_unregister_template(&crypto_ecb_tmpl);
}
-module_init(crypto_ecb_module_init);
-module_exit(crypto_ecb_module_exit);
+crypto_module_init(crypto_ecb_module_init);
+crypto_module_exit(crypto_ecb_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("ECB block cipher mode of operation");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 048/104] crypto: fips140: convert crypto/ecc.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (46 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 047/104] crypto: fips140: convert crypto/ecb.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 049/104] crypto: fips140: convert crypto/ecdh.c " Vegard Nossum
` (56 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECC --source crypto/ecc.c --header include/crypto/ecc_curve.h include/crypto/internal/ecc.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecc.c | 84 ++++++++++++++++----------------
crypto/fips140-api.c | 34 +++++++++++++
include/crypto/ecc_curve.h | 9 +++-
include/crypto/internal/ecc.h | 91 ++++++++++++++++++++++-------------
4 files changed, 141 insertions(+), 77 deletions(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index c9f82626177b..b28832e1aaea 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -44,13 +44,13 @@ typedef struct {
} uint128_t;
/* Returns curv25519 curve param */
-const struct ecc_curve *ecc_get_curve25519(void)
+const struct ecc_curve *CRYPTO_API(ecc_get_curve25519)(void)
{
return &ecc_25519;
}
-EXPORT_SYMBOL(ecc_get_curve25519);
+DEFINE_CRYPTO_API(ecc_get_curve25519);
-const struct ecc_curve *ecc_get_curve(unsigned int curve_id)
+const struct ecc_curve *CRYPTO_API(ecc_get_curve)(unsigned int curve_id)
{
switch (curve_id) {
/* In FIPS mode only allow P256 and higher */
@@ -66,9 +66,9 @@ const struct ecc_curve *ecc_get_curve(unsigned int curve_id)
return NULL;
}
}
-EXPORT_SYMBOL(ecc_get_curve);
+DEFINE_CRYPTO_API(ecc_get_curve);
-void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
+void CRYPTO_API(ecc_digits_from_bytes)(const u8 *in, unsigned int nbytes,
u64 *out, unsigned int ndigits)
{
int diff = ndigits - DIV_ROUND_UP_POW2(nbytes, sizeof(u64));
@@ -88,7 +88,7 @@ void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
}
ecc_swap_digits(in, out, ndigits);
}
-EXPORT_SYMBOL(ecc_digits_from_bytes);
+DEFINE_CRYPTO_API(ecc_digits_from_bytes);
static u64 *ecc_alloc_digits_space(unsigned int ndigits)
{
@@ -105,7 +105,7 @@ static void ecc_free_digits_space(u64 *space)
kfree_sensitive(space);
}
-struct ecc_point *ecc_alloc_point(unsigned int ndigits)
+struct ecc_point *CRYPTO_API(ecc_alloc_point)(unsigned int ndigits)
{
struct ecc_point *p = kmalloc(sizeof(*p), GFP_KERNEL);
@@ -130,9 +130,9 @@ struct ecc_point *ecc_alloc_point(unsigned int ndigits)
kfree(p);
return NULL;
}
-EXPORT_SYMBOL(ecc_alloc_point);
+DEFINE_CRYPTO_API(ecc_alloc_point);
-void ecc_free_point(struct ecc_point *p)
+void CRYPTO_API(ecc_free_point)(struct ecc_point *p)
{
if (!p)
return;
@@ -141,7 +141,7 @@ void ecc_free_point(struct ecc_point *p)
kfree_sensitive(p->y);
kfree_sensitive(p);
}
-EXPORT_SYMBOL(ecc_free_point);
+DEFINE_CRYPTO_API(ecc_free_point);
static void vli_clear(u64 *vli, unsigned int ndigits)
{
@@ -152,7 +152,7 @@ static void vli_clear(u64 *vli, unsigned int ndigits)
}
/* Returns true if vli == 0, false otherwise. */
-bool vli_is_zero(const u64 *vli, unsigned int ndigits)
+bool CRYPTO_API(vli_is_zero)(const u64 *vli, unsigned int ndigits)
{
int i;
@@ -163,7 +163,7 @@ bool vli_is_zero(const u64 *vli, unsigned int ndigits)
return true;
}
-EXPORT_SYMBOL(vli_is_zero);
+DEFINE_CRYPTO_API(vli_is_zero);
/* Returns nonzero if bit of vli is set. */
static u64 vli_test_bit(const u64 *vli, unsigned int bit)
@@ -191,7 +191,7 @@ static unsigned int vli_num_digits(const u64 *vli, unsigned int ndigits)
}
/* Counts the number of bits required for vli. */
-unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits)
+unsigned int CRYPTO_API(vli_num_bits)(const u64 *vli, unsigned int ndigits)
{
unsigned int i, num_digits;
u64 digit;
@@ -206,10 +206,10 @@ unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits)
return ((num_digits - 1) * 64 + i);
}
-EXPORT_SYMBOL(vli_num_bits);
+DEFINE_CRYPTO_API(vli_num_bits);
/* Set dest from unaligned bit string src. */
-void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits)
+void CRYPTO_API(vli_from_be64)(u64 *dest, const void *src, unsigned int ndigits)
{
int i;
const u64 *from = src;
@@ -217,9 +217,9 @@ void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits)
for (i = 0; i < ndigits; i++)
dest[i] = get_unaligned_be64(&from[ndigits - 1 - i]);
}
-EXPORT_SYMBOL(vli_from_be64);
+DEFINE_CRYPTO_API(vli_from_be64);
-void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits)
+void CRYPTO_API(vli_from_le64)(u64 *dest, const void *src, unsigned int ndigits)
{
int i;
const u64 *from = src;
@@ -227,7 +227,7 @@ void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits)
for (i = 0; i < ndigits; i++)
dest[i] = get_unaligned_le64(&from[i]);
}
-EXPORT_SYMBOL(vli_from_le64);
+DEFINE_CRYPTO_API(vli_from_le64);
/* Sets dest = src. */
static void vli_set(u64 *dest, const u64 *src, unsigned int ndigits)
@@ -239,7 +239,7 @@ static void vli_set(u64 *dest, const u64 *src, unsigned int ndigits)
}
/* Returns sign of left - right. */
-int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits)
+int CRYPTO_API(vli_cmp)(const u64 *left, const u64 *right, unsigned int ndigits)
{
int i;
@@ -252,7 +252,7 @@ int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits)
return 0;
}
-EXPORT_SYMBOL(vli_cmp);
+DEFINE_CRYPTO_API(vli_cmp);
/* Computes result = in << c, returning carry. Can modify in place
* (if result == in). 0 < shift < 64.
@@ -331,7 +331,7 @@ static u64 vli_uadd(u64 *result, const u64 *left, u64 right,
}
/* Computes result = left - right, returning borrow. Can modify in place. */
-u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
+u64 CRYPTO_API(vli_sub)(u64 *result, const u64 *left, const u64 *right,
unsigned int ndigits)
{
u64 borrow = 0;
@@ -349,7 +349,7 @@ u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
return borrow;
}
-EXPORT_SYMBOL(vli_sub);
+DEFINE_CRYPTO_API(vli_sub);
/* Computes result = left - right, returning borrow. Can modify in place. */
static u64 vli_usub(u64 *result, const u64 *left, u64 right,
@@ -1001,7 +1001,7 @@ static bool vli_mmod_fast(u64 *result, u64 *product,
/* Computes result = (left * right) % mod.
* Assumes that mod is big enough curve order.
*/
-void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
+void CRYPTO_API(vli_mod_mult_slow)(u64 *result, const u64 *left, const u64 *right,
const u64 *mod, unsigned int ndigits)
{
u64 product[ECC_MAX_DIGITS * 2];
@@ -1009,7 +1009,7 @@ void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
vli_mult(product, left, right, ndigits);
vli_mmod_slow(result, product, mod, ndigits);
}
-EXPORT_SYMBOL(vli_mod_mult_slow);
+DEFINE_CRYPTO_API(vli_mod_mult_slow);
/* Computes result = (left * right) % curve_prime. */
static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right,
@@ -1036,7 +1036,7 @@ static void vli_mod_square_fast(u64 *result, const u64 *left,
* See "From Euclid's GCD to Montgomery Multiplication to the Great Divide"
* https://labs.oracle.com/techrep/2001/smli_tr-2001-95.pdf
*/
-void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
+void CRYPTO_API(vli_mod_inv)(u64 *result, const u64 *input, const u64 *mod,
unsigned int ndigits)
{
u64 a[ECC_MAX_DIGITS], b[ECC_MAX_DIGITS];
@@ -1109,17 +1109,17 @@ void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
vli_set(result, u, ndigits);
}
-EXPORT_SYMBOL(vli_mod_inv);
+DEFINE_CRYPTO_API(vli_mod_inv);
/* ------ Point operations ------ */
/* Returns true if p_point is the point at infinity, false otherwise. */
-bool ecc_point_is_zero(const struct ecc_point *point)
+bool CRYPTO_API(ecc_point_is_zero)(const struct ecc_point *point)
{
return (vli_is_zero(point->x, point->ndigits) &&
vli_is_zero(point->y, point->ndigits));
}
-EXPORT_SYMBOL(ecc_point_is_zero);
+DEFINE_CRYPTO_API(ecc_point_is_zero);
/* Point multiplication algorithm using Montgomery's ladder with co-Z
* coordinates. From https://eprint.iacr.org/2011/338.pdf
@@ -1411,7 +1411,7 @@ static void ecc_point_add(const struct ecc_point *result,
/* Computes R = u1P + u2Q mod p using Shamir's trick.
* Based on: Kenneth MacKay's micro-ecc (2014).
*/
-void ecc_point_mult_shamir(const struct ecc_point *result,
+void CRYPTO_API(ecc_point_mult_shamir)(const struct ecc_point *result,
const u64 *u1, const struct ecc_point *p,
const u64 *u2, const struct ecc_point *q,
const struct ecc_curve *curve)
@@ -1466,7 +1466,7 @@ void ecc_point_mult_shamir(const struct ecc_point *result,
vli_mod_inv(z, z, curve->p, ndigits);
apply_z(rx, ry, z, curve);
}
-EXPORT_SYMBOL(ecc_point_mult_shamir);
+DEFINE_CRYPTO_API(ecc_point_mult_shamir);
/*
* This function performs checks equivalent to Appendix A.4.2 of FIPS 186-5.
@@ -1497,7 +1497,7 @@ static int __ecc_is_key_valid(const struct ecc_curve *curve,
return 0;
}
-int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(ecc_is_key_valid)(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, unsigned int private_key_len)
{
int nbytes;
@@ -1510,7 +1510,7 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
return __ecc_is_key_valid(curve, private_key, ndigits);
}
-EXPORT_SYMBOL(ecc_is_key_valid);
+DEFINE_CRYPTO_API(ecc_is_key_valid);
/*
* ECC private keys are generated using the method of rejection sampling,
@@ -1519,7 +1519,7 @@ EXPORT_SYMBOL(ecc_is_key_valid);
* This method generates a private key uniformly distributed in the range
* [2, n-3].
*/
-int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(ecc_gen_privkey)(unsigned int curve_id, unsigned int ndigits,
u64 *private_key)
{
const struct ecc_curve *curve = ecc_get_curve(curve_id);
@@ -1561,9 +1561,9 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
return 0;
}
-EXPORT_SYMBOL(ecc_gen_privkey);
+DEFINE_CRYPTO_API(ecc_gen_privkey);
-int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(ecc_make_pub_key)(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, u64 *public_key)
{
int ret = 0;
@@ -1597,10 +1597,10 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
out:
return ret;
}
-EXPORT_SYMBOL(ecc_make_pub_key);
+DEFINE_CRYPTO_API(ecc_make_pub_key);
/* SP800-56A section 5.6.2.3.4 partial verification: ephemeral keys only */
-int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
+int CRYPTO_API(ecc_is_pubkey_valid_partial)(const struct ecc_curve *curve,
struct ecc_point *pk)
{
u64 yy[ECC_MAX_DIGITS], xxx[ECC_MAX_DIGITS], w[ECC_MAX_DIGITS];
@@ -1630,10 +1630,10 @@ int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
return 0;
}
-EXPORT_SYMBOL(ecc_is_pubkey_valid_partial);
+DEFINE_CRYPTO_API(ecc_is_pubkey_valid_partial);
/* SP800-56A section 5.6.2.3.3 full verification */
-int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
+int CRYPTO_API(ecc_is_pubkey_valid_full)(const struct ecc_curve *curve,
struct ecc_point *pk)
{
struct ecc_point *nQ;
@@ -1657,9 +1657,9 @@ int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
return ret;
}
-EXPORT_SYMBOL(ecc_is_pubkey_valid_full);
+DEFINE_CRYPTO_API(ecc_is_pubkey_valid_full);
-int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(crypto_ecdh_shared_secret)(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, const u64 *public_key,
u64 *secret)
{
@@ -1713,7 +1713,7 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
out:
return ret;
}
-EXPORT_SYMBOL(crypto_ecdh_shared_secret);
+DEFINE_CRYPTO_API(crypto_ecdh_shared_secret);
MODULE_DESCRIPTION("core elliptic curve module");
MODULE_LICENSE("Dual BSD/GPL");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 600c759cbc5e..f236b302c2a7 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -363,3 +363,37 @@ DEFINE_CRYPTO_API_STUB(crypto_dh_decode_key);
#endif
+/*
+ * crypto/ecc.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_ECC)
+
+#include <crypto/ecc_curve.h>
+
+DEFINE_CRYPTO_API_STUB(ecc_get_curve);
+DEFINE_CRYPTO_API_STUB(ecc_get_curve25519);
+
+#include <crypto/internal/ecc.h>
+
+DEFINE_CRYPTO_API_STUB(ecc_digits_from_bytes);
+DEFINE_CRYPTO_API_STUB(ecc_is_key_valid);
+DEFINE_CRYPTO_API_STUB(ecc_gen_privkey);
+DEFINE_CRYPTO_API_STUB(ecc_make_pub_key);
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_shared_secret);
+DEFINE_CRYPTO_API_STUB(ecc_is_pubkey_valid_partial);
+DEFINE_CRYPTO_API_STUB(ecc_is_pubkey_valid_full);
+DEFINE_CRYPTO_API_STUB(vli_is_zero);
+DEFINE_CRYPTO_API_STUB(vli_cmp);
+DEFINE_CRYPTO_API_STUB(vli_sub);
+DEFINE_CRYPTO_API_STUB(vli_from_be64);
+DEFINE_CRYPTO_API_STUB(vli_from_le64);
+DEFINE_CRYPTO_API_STUB(vli_mod_inv);
+DEFINE_CRYPTO_API_STUB(vli_mod_mult_slow);
+DEFINE_CRYPTO_API_STUB(vli_num_bits);
+DEFINE_CRYPTO_API_STUB(ecc_alloc_point);
+DEFINE_CRYPTO_API_STUB(ecc_free_point);
+DEFINE_CRYPTO_API_STUB(ecc_point_is_zero);
+DEFINE_CRYPTO_API_STUB(ecc_point_mult_shamir);
+
+#endif
+
diff --git a/include/crypto/ecc_curve.h b/include/crypto/ecc_curve.h
index 7d90c5e82266..547cb82517bf 100644
--- a/include/crypto/ecc_curve.h
+++ b/include/crypto/ecc_curve.h
@@ -4,6 +4,7 @@
#ifndef _CRYTO_ECC_CURVE_H
#define _CRYTO_ECC_CURVE_H
+#include <crypto/api.h>
#include <linux/types.h>
/**
@@ -50,13 +51,17 @@ struct ecc_curve {
*
* Returns curve if get curve succssful, NULL otherwise
*/
-const struct ecc_curve *ecc_get_curve(unsigned int curve_id);
+DECLARE_CRYPTO_API(ecc_get_curve, const struct ecc_curve *,
+ (unsigned int curve_id),
+ (curve_id));
/**
* ecc_get_curve25519() - get curve25519 curve;
*
* Returns curve25519
*/
-const struct ecc_curve *ecc_get_curve25519(void);
+DECLARE_CRYPTO_API(ecc_get_curve25519, const struct ecc_curve *,
+ (void),
+ ());
#endif
diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h
index 57cd75242141..906d1443de96 100644
--- a/include/crypto/internal/ecc.h
+++ b/include/crypto/internal/ecc.h
@@ -26,6 +26,7 @@
#ifndef _CRYPTO_ECC_H
#define _CRYPTO_ECC_H
+#include <crypto/api.h>
#include <crypto/ecc_curve.h>
#include <linux/unaligned.h>
@@ -79,8 +80,9 @@ static inline void ecc_swap_digits(const void *in, u64 *out, unsigned int ndigit
* The first byte in the input byte array is expected to hold the most
* significant bits of the large integer.
*/
-void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
- u64 *out, unsigned int ndigits);
+DECLARE_CRYPTO_API(ecc_digits_from_bytes, void,
+ (const u8 *in, unsigned int nbytes, u64 *out, unsigned int ndigits),
+ (in, nbytes, out, ndigits));
/**
* ecc_is_key_valid() - Validate a given ECDH private key
@@ -92,8 +94,9 @@ void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
*
* Returns 0 if the key is acceptable, a negative value otherwise
*/
-int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, unsigned int private_key_len);
+DECLARE_CRYPTO_API(ecc_is_key_valid, int,
+ (unsigned int curve_id, unsigned int ndigits, const u64 *private_key, unsigned int private_key_len),
+ (curve_id, ndigits, private_key, private_key_len));
/**
* ecc_gen_privkey() - Generates an ECC private key.
@@ -107,8 +110,9 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
* Returns 0 if the private key was generated successfully, a negative value
* if an error occurred.
*/
-int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
- u64 *private_key);
+DECLARE_CRYPTO_API(ecc_gen_privkey, int,
+ (unsigned int curve_id, unsigned int ndigits, u64 *private_key),
+ (curve_id, ndigits, private_key));
/**
* ecc_make_pub_key() - Compute an ECC public key
@@ -121,8 +125,9 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
* Returns 0 if the public key was generated successfully, a negative value
* if an error occurred.
*/
-int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, u64 *public_key);
+DECLARE_CRYPTO_API(ecc_make_pub_key, int,
+ (const unsigned int curve_id, unsigned int ndigits, const u64 *private_key, u64 *public_key),
+ (curve_id, ndigits, private_key, public_key));
/**
* crypto_ecdh_shared_secret() - Compute a shared secret
@@ -139,9 +144,9 @@ int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
* Returns 0 if the shared secret was generated successfully, a negative value
* if an error occurred.
*/
-int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, const u64 *public_key,
- u64 *secret);
+DECLARE_CRYPTO_API(crypto_ecdh_shared_secret, int,
+ (unsigned int curve_id, unsigned int ndigits, const u64 *private_key, const u64 *public_key, u64 *secret),
+ (curve_id, ndigits, private_key, public_key, secret));
/**
* ecc_is_pubkey_valid_partial() - Partial public key validation
@@ -157,8 +162,9 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
*
* Return: 0 if validation is successful, -EINVAL if validation is failed.
*/
-int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
- struct ecc_point *pk);
+DECLARE_CRYPTO_API(ecc_is_pubkey_valid_partial, int,
+ (const struct ecc_curve *curve, struct ecc_point *pk),
+ (curve, pk));
/**
* ecc_is_pubkey_valid_full() - Full public key validation
@@ -171,8 +177,9 @@ int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
*
* Return: 0 if validation is successful, -EINVAL if validation is failed.
*/
-int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
- struct ecc_point *pk);
+DECLARE_CRYPTO_API(ecc_is_pubkey_valid_full, int,
+ (const struct ecc_curve *curve, struct ecc_point *pk),
+ (curve, pk));
/**
* vli_is_zero() - Determine is vli is zero
@@ -180,7 +187,9 @@ int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
* @vli: vli to check.
* @ndigits: length of the @vli
*/
-bool vli_is_zero(const u64 *vli, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_is_zero, bool,
+ (const u64 *vli, unsigned int ndigits),
+ (vli, ndigits));
/**
* vli_cmp() - compare left and right vlis
@@ -192,7 +201,9 @@ bool vli_is_zero(const u64 *vli, unsigned int ndigits);
* Returns sign of @left - @right, i.e. -1 if @left < @right,
* 0 if @left == @right, 1 if @left > @right.
*/
-int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_cmp, int,
+ (const u64 *left, const u64 *right, unsigned int ndigits),
+ (left, right, ndigits));
/**
* vli_sub() - Subtracts right from left
@@ -206,8 +217,9 @@ int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits);
*
* Return: carry bit.
*/
-u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
- unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_sub, u64,
+ (u64 *result, const u64 *left, const u64 *right, unsigned int ndigits),
+ (result, left, right, ndigits));
/**
* vli_from_be64() - Load vli from big-endian u64 array
@@ -216,7 +228,9 @@ u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
* @src: source array of u64 BE values
* @ndigits: length of both vli and array
*/
-void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_from_be64, void,
+ (u64 *dest, const void *src, unsigned int ndigits),
+ (dest, src, ndigits));
/**
* vli_from_le64() - Load vli from little-endian u64 array
@@ -225,7 +239,9 @@ void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits);
* @src: source array of u64 LE values
* @ndigits: length of both vli and array
*/
-void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_from_le64, void,
+ (u64 *dest, const void *src, unsigned int ndigits),
+ (dest, src, ndigits));
/**
* vli_mod_inv() - Modular inversion
@@ -235,8 +251,9 @@ void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits);
* @mod: modulus
* @ndigits: length of all vlis
*/
-void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
- unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_mod_inv, void,
+ (u64 *result, const u64 *input, const u64 *mod, unsigned int ndigits),
+ (result, input, mod, ndigits));
/**
* vli_mod_mult_slow() - Modular multiplication
@@ -249,8 +266,9 @@ void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
*
* Note: Assumes that mod is big enough curve order.
*/
-void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
- const u64 *mod, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_mod_mult_slow, void,
+ (u64 *result, const u64 *left, const u64 *right, const u64 *mod, unsigned int ndigits),
+ (result, left, right, mod, ndigits));
/**
* vli_num_bits() - Counts the number of bits required for vli.
@@ -260,7 +278,9 @@ void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
*
* Return: The number of bits required to represent @vli.
*/
-unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_num_bits, unsigned int,
+ (const u64 *vli, unsigned int ndigits),
+ (vli, ndigits));
/**
* ecc_aloc_point() - Allocate ECC point.
@@ -269,14 +289,18 @@ unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits);
*
* Return: Pointer to the allocated point or NULL if allocation failed.
*/
-struct ecc_point *ecc_alloc_point(unsigned int ndigits);
+DECLARE_CRYPTO_API(ecc_alloc_point, struct ecc_point *,
+ (unsigned int ndigits),
+ (ndigits));
/**
* ecc_free_point() - Free ECC point.
*
* @p: The point to free.
*/
-void ecc_free_point(struct ecc_point *p);
+DECLARE_CRYPTO_API(ecc_free_point, void,
+ (struct ecc_point *p),
+ (p));
/**
* ecc_point_is_zero() - Check if point is zero.
@@ -285,7 +309,9 @@ void ecc_free_point(struct ecc_point *p);
*
* Return: true if point is the point at infinity, false otherwise.
*/
-bool ecc_point_is_zero(const struct ecc_point *point);
+DECLARE_CRYPTO_API(ecc_point_is_zero, bool,
+ (const struct ecc_point *point),
+ (point));
/**
* ecc_point_mult_shamir() - Add two points multiplied by scalars
@@ -300,10 +326,9 @@ bool ecc_point_is_zero(const struct ecc_point *point);
* Returns result = x * p + x * q over the curve.
* This works faster than two multiplications and addition.
*/
-void ecc_point_mult_shamir(const struct ecc_point *result,
- const u64 *x, const struct ecc_point *p,
- const u64 *y, const struct ecc_point *q,
- const struct ecc_curve *curve);
+DECLARE_CRYPTO_API(ecc_point_mult_shamir, void,
+ (const struct ecc_point *result, const u64 *x, const struct ecc_point *p, const u64 *y, const struct ecc_point *q, const struct ecc_curve *curve),
+ (result, x, p, y, q, curve));
extern struct crypto_template ecdsa_x962_tmpl;
extern struct crypto_template ecdsa_p1363_tmpl;
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 049/104] crypto: fips140: convert crypto/ecdh.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (47 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 048/104] crypto: fips140: convert crypto/ecc.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 050/104] crypto: fips140: convert crypto/ecdh_helper.c " Vegard Nossum
` (55 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECDH --source crypto/ecdh.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecdh.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 9f0b93b3166d..32c98cebfda6 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -240,8 +240,8 @@ static void __exit ecdh_exit(void)
crypto_unregister_kpp(&ecdh_nist_p384);
}
-module_init(ecdh_init);
-module_exit(ecdh_exit);
+crypto_module_init(ecdh_init);
+crypto_module_exit(ecdh_exit);
MODULE_ALIAS_CRYPTO("ecdh");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("ECDH generic algorithm");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 050/104] crypto: fips140: convert crypto/ecdh_helper.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (48 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 049/104] crypto: fips140: convert crypto/ecdh.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 051/104] crypto: fips140: convert crypto/ecdsa.c " Vegard Nossum
` (54 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECDH --source crypto/ecdh_helper.c --header include/crypto/ecdh.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecdh_helper.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/ecdh.h | 12 +++++++++---
3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/crypto/ecdh_helper.c b/crypto/ecdh_helper.c
index f18f9028f912..42530c3f70dd 100644
--- a/crypto/ecdh_helper.c
+++ b/crypto/ecdh_helper.c
@@ -24,13 +24,13 @@ static inline const u8 *ecdh_unpack_data(void *dst, const void *src, size_t sz)
return src + sz;
}
-unsigned int crypto_ecdh_key_len(const struct ecdh *params)
+unsigned int CRYPTO_API(crypto_ecdh_key_len)(const struct ecdh *params)
{
return ECDH_KPP_SECRET_MIN_SIZE + params->key_size;
}
-EXPORT_SYMBOL_GPL(crypto_ecdh_key_len);
+DEFINE_CRYPTO_API(crypto_ecdh_key_len);
-int crypto_ecdh_encode_key(char *buf, unsigned int len,
+int CRYPTO_API(crypto_ecdh_encode_key)(char *buf, unsigned int len,
const struct ecdh *params)
{
u8 *ptr = buf;
@@ -51,9 +51,9 @@ int crypto_ecdh_encode_key(char *buf, unsigned int len,
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_ecdh_encode_key);
+DEFINE_CRYPTO_API(crypto_ecdh_encode_key);
-int crypto_ecdh_decode_key(const char *buf, unsigned int len,
+int CRYPTO_API(crypto_ecdh_decode_key)(const char *buf, unsigned int len,
struct ecdh *params)
{
const u8 *ptr = buf;
@@ -80,4 +80,4 @@ int crypto_ecdh_decode_key(const char *buf, unsigned int len,
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_ecdh_decode_key);
+DEFINE_CRYPTO_API(crypto_ecdh_decode_key);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index f236b302c2a7..fab12d65a312 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -397,3 +397,16 @@ DEFINE_CRYPTO_API_STUB(ecc_point_mult_shamir);
#endif
+/*
+ * crypto/ecdh_helper.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_ECDH)
+
+#include <crypto/ecdh.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_key_len);
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_encode_key);
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_decode_key);
+
+#endif
+
diff --git a/include/crypto/ecdh.h b/include/crypto/ecdh.h
index aa09f880c0d3..35d20c9b23d2 100644
--- a/include/crypto/ecdh.h
+++ b/include/crypto/ecdh.h
@@ -51,7 +51,9 @@ struct ecdh {
*
* Return: size of the key in bytes
*/
-unsigned int crypto_ecdh_key_len(const struct ecdh *params);
+DECLARE_CRYPTO_API(crypto_ecdh_key_len, unsigned int,
+ (const struct ecdh *params),
+ (params));
/**
* crypto_ecdh_encode_key() - encode the private key
@@ -66,7 +68,9 @@ unsigned int crypto_ecdh_key_len(const struct ecdh *params);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_ecdh_encode_key(char *buf, unsigned int len, const struct ecdh *p);
+DECLARE_CRYPTO_API(crypto_ecdh_encode_key, int,
+ (char *buf, unsigned int len, const struct ecdh *p),
+ (buf, len, p));
/**
* crypto_ecdh_decode_key() - decode a private key
@@ -80,6 +84,8 @@ int crypto_ecdh_encode_key(char *buf, unsigned int len, const struct ecdh *p);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_ecdh_decode_key(const char *buf, unsigned int len, struct ecdh *p);
+DECLARE_CRYPTO_API(crypto_ecdh_decode_key, int,
+ (const char *buf, unsigned int len, struct ecdh *p),
+ (buf, len, p));
#endif
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 051/104] crypto: fips140: convert crypto/ecdsa.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (49 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 050/104] crypto: fips140: convert crypto/ecdh_helper.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 052/104] crypto: fips140: convert crypto/echainiv.c " Vegard Nossum
` (53 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECDSA --source crypto/ecdsa.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecdsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index ce8e4364842f..64903419e6db 100644
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -334,8 +334,8 @@ static void __exit ecdsa_exit(void)
crypto_unregister_sig(&ecdsa_nist_p521);
}
-module_init(ecdsa_init);
-module_exit(ecdsa_exit);
+crypto_module_init(ecdsa_init);
+crypto_module_exit(ecdsa_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Stefan Berger <stefanb@linux.ibm.com>");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 052/104] crypto: fips140: convert crypto/echainiv.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (50 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 051/104] crypto: fips140: convert crypto/ecdsa.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 053/104] crypto: fips140: convert crypto/essiv.c " Vegard Nossum
` (52 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECHAINIV --source crypto/echainiv.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/echainiv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/echainiv.c b/crypto/echainiv.c
index e0a2d3209938..d409b4169e83 100644
--- a/crypto/echainiv.c
+++ b/crypto/echainiv.c
@@ -145,8 +145,8 @@ static void __exit echainiv_module_exit(void)
crypto_unregister_template(&echainiv_tmpl);
}
-module_init(echainiv_module_init);
-module_exit(echainiv_module_exit);
+crypto_module_init(echainiv_module_init);
+crypto_module_exit(echainiv_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Encrypted Chain IV Generator");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 053/104] crypto: fips140: convert crypto/essiv.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (51 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 052/104] crypto: fips140: convert crypto/echainiv.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 054/104] crypto: fips140: convert crypto/gcm.c " Vegard Nossum
` (51 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ESSIV --source crypto/essiv.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/essiv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/essiv.c b/crypto/essiv.c
index d003b78fcd85..579fa227476f 100644
--- a/crypto/essiv.c
+++ b/crypto/essiv.c
@@ -641,8 +641,8 @@ static void __exit essiv_module_exit(void)
crypto_unregister_template(&essiv_tmpl);
}
-module_init(essiv_module_init);
-module_exit(essiv_module_exit);
+crypto_module_init(essiv_module_init);
+crypto_module_exit(essiv_module_exit);
MODULE_DESCRIPTION("ESSIV skcipher/aead wrapper for block encryption");
MODULE_LICENSE("GPL v2");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 054/104] crypto: fips140: convert crypto/gcm.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (52 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 053/104] crypto: fips140: convert crypto/essiv.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 055/104] crypto: fips140: convert crypto/geniv.c " Vegard Nossum
` (50 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_GCM --source crypto/gcm.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/gcm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/gcm.c b/crypto/gcm.c
index 97716482bed0..54a376e782d1 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -1119,8 +1119,8 @@ static void __exit crypto_gcm_module_exit(void)
ARRAY_SIZE(crypto_gcm_tmpls));
}
-module_init(crypto_gcm_module_init);
-module_exit(crypto_gcm_module_exit);
+crypto_module_init(crypto_gcm_module_init);
+crypto_module_exit(crypto_gcm_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Galois/Counter Mode");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 055/104] crypto: fips140: convert crypto/geniv.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (53 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 054/104] crypto: fips140: convert crypto/gcm.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 056/104] crypto: fips140: convert crypto/ghash-generic.c " Vegard Nossum
` (49 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_GENIV --source crypto/geniv.c --header include/crypto/internal/geniv.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 13 +++++++++++++
crypto/geniv.c | 12 ++++++------
include/crypto/internal/geniv.h | 14 ++++++++++----
3 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index fab12d65a312..09f5818cebe2 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -410,3 +410,16 @@ DEFINE_CRYPTO_API_STUB(crypto_ecdh_decode_key);
#endif
+/*
+ * crypto/geniv.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_GENIV)
+
+#include <crypto/internal/geniv.h>
+
+DEFINE_CRYPTO_API_STUB(aead_geniv_alloc);
+DEFINE_CRYPTO_API_STUB(aead_init_geniv);
+DEFINE_CRYPTO_API_STUB(aead_exit_geniv);
+
+#endif
+
diff --git a/crypto/geniv.c b/crypto/geniv.c
index 0b18240ac813..61d81aa2d4ff 100644
--- a/crypto/geniv.c
+++ b/crypto/geniv.c
@@ -37,7 +37,7 @@ static void aead_geniv_free(struct aead_instance *inst)
kfree(inst);
}
-struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl,
+struct aead_instance *CRYPTO_API(aead_geniv_alloc)(struct crypto_template *tmpl,
struct rtattr **tb)
{
struct crypto_aead_spawn *spawn;
@@ -103,9 +103,9 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl,
inst = ERR_PTR(err);
goto out;
}
-EXPORT_SYMBOL_GPL(aead_geniv_alloc);
+DEFINE_CRYPTO_API(aead_geniv_alloc);
-int aead_init_geniv(struct crypto_aead *aead)
+int CRYPTO_API(aead_init_geniv)(struct crypto_aead *aead)
{
struct aead_geniv_ctx *ctx = crypto_aead_ctx(aead);
struct aead_instance *inst = aead_alg_instance(aead);
@@ -138,15 +138,15 @@ int aead_init_geniv(struct crypto_aead *aead)
out:
return err;
}
-EXPORT_SYMBOL_GPL(aead_init_geniv);
+DEFINE_CRYPTO_API(aead_init_geniv);
-void aead_exit_geniv(struct crypto_aead *tfm)
+void CRYPTO_API(aead_exit_geniv)(struct crypto_aead *tfm)
{
struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm);
crypto_free_aead(ctx->child);
}
-EXPORT_SYMBOL_GPL(aead_exit_geniv);
+DEFINE_CRYPTO_API(aead_exit_geniv);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Shared IV generator code");
diff --git a/include/crypto/internal/geniv.h b/include/crypto/internal/geniv.h
index 012f5fb22d43..c7aaad2ab534 100644
--- a/include/crypto/internal/geniv.h
+++ b/include/crypto/internal/geniv.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_GENIV_H
#define _CRYPTO_INTERNAL_GENIV_H
+#include <crypto/api.h>
#include <crypto/internal/aead.h>
#include <linux/spinlock.h>
#include <linux/types.h>
@@ -18,9 +19,14 @@ struct aead_geniv_ctx {
u8 salt[] __attribute__ ((aligned(__alignof__(u32))));
};
-struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl,
- struct rtattr **tb);
-int aead_init_geniv(struct crypto_aead *tfm);
-void aead_exit_geniv(struct crypto_aead *tfm);
+DECLARE_CRYPTO_API(aead_geniv_alloc, struct aead_instance *,
+ (struct crypto_template *tmpl, struct rtattr **tb),
+ (tmpl, tb));
+DECLARE_CRYPTO_API(aead_init_geniv, int,
+ (struct crypto_aead *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(aead_exit_geniv, void,
+ (struct crypto_aead *tfm),
+ (tfm));
#endif /* _CRYPTO_INTERNAL_GENIV_H */
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 056/104] crypto: fips140: convert crypto/ghash-generic.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (54 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 055/104] crypto: fips140: convert crypto/geniv.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 057/104] crypto: fips140: convert crypto/hmac.c " Vegard Nossum
` (48 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_GHASH --source crypto/ghash-generic.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ghash-generic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
index e5803c249c12..37e98aa546c7 100644
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -153,8 +153,8 @@ static void __exit ghash_mod_exit(void)
crypto_unregister_shash(&ghash_alg);
}
-module_init(ghash_mod_init);
-module_exit(ghash_mod_exit);
+crypto_module_init(ghash_mod_init);
+crypto_module_exit(ghash_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("GHASH hash function");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 057/104] crypto: fips140: convert crypto/hmac.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (55 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 056/104] crypto: fips140: convert crypto/ghash-generic.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 058/104] crypto: fips140: convert crypto/jitterentropy-kcapi.c " Vegard Nossum
` (47 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_HMAC --source crypto/hmac.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/hmac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 148af460ae97..d8d24a2ea2f7 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -573,8 +573,8 @@ static void __exit hmac_module_exit(void)
crypto_unregister_templates(hmac_tmpls, ARRAY_SIZE(hmac_tmpls));
}
-module_init(hmac_module_init);
-module_exit(hmac_module_exit);
+crypto_module_init(hmac_module_init);
+crypto_module_exit(hmac_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("HMAC hash algorithm");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 058/104] crypto: fips140: convert crypto/jitterentropy-kcapi.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (56 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 057/104] crypto: fips140: convert crypto/hmac.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 059/104] crypto: fips140: convert crypto/kpp.c " Vegard Nossum
` (46 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_JITTERENTROPY --source crypto/jitterentropy-kcapi.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/jitterentropy-kcapi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 1266eb790708..4718a40f8bd6 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -368,8 +368,8 @@ static void __exit jent_mod_exit(void)
crypto_unregister_rng(&jent_alg);
}
-module_init(jent_mod_init);
-module_exit(jent_mod_exit);
+crypto_module_init(jent_mod_init);
+crypto_module_exit(jent_mod_exit);
MODULE_LICENSE("Dual BSD/GPL");
MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 059/104] crypto: fips140: convert crypto/kpp.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (57 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 058/104] crypto: fips140: convert crypto/jitterentropy-kcapi.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 060/104] crypto: fips140: convert crypto/lskcipher.c " Vegard Nossum
` (45 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_KPP2 --source crypto/kpp.c --header include/crypto/kpp.h include/crypto/internal/kpp.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 19 +++++++++++++++++++
crypto/kpp.c | 24 ++++++++++++------------
include/crypto/internal/kpp.h | 21 ++++++++++++++-------
include/crypto/kpp.h | 9 +++++++--
4 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 09f5818cebe2..9c9f9d57f99d 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -423,3 +423,22 @@ DEFINE_CRYPTO_API_STUB(aead_exit_geniv);
#endif
+/*
+ * crypto/kpp.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_KPP2)
+
+#include <crypto/kpp.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_kpp);
+DEFINE_CRYPTO_API_STUB(crypto_has_kpp);
+
+#include <crypto/internal/kpp.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_kpp);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_kpp);
+DEFINE_CRYPTO_API_STUB(kpp_register_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_kpp);
+
+#endif
+
diff --git a/crypto/kpp.c b/crypto/kpp.c
index 2e0cefe7a25f..7769cfe8bfde 100644
--- a/crypto/kpp.c
+++ b/crypto/kpp.c
@@ -83,26 +83,26 @@ static const struct crypto_type crypto_kpp_type = {
.algsize = offsetof(struct kpp_alg, base),
};
-struct crypto_kpp *crypto_alloc_kpp(const char *alg_name, u32 type, u32 mask)
+struct crypto_kpp *CRYPTO_API(crypto_alloc_kpp)(const char *alg_name, u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_kpp_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_kpp);
+DEFINE_CRYPTO_API(crypto_alloc_kpp);
-int crypto_grab_kpp(struct crypto_kpp_spawn *spawn,
+int CRYPTO_API(crypto_grab_kpp)(struct crypto_kpp_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_kpp_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_kpp);
+DEFINE_CRYPTO_API(crypto_grab_kpp);
-int crypto_has_kpp(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_kpp)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_kpp_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_kpp);
+DEFINE_CRYPTO_API(crypto_has_kpp);
static void kpp_prepare_alg(struct kpp_alg *alg)
{
@@ -113,22 +113,22 @@ static void kpp_prepare_alg(struct kpp_alg *alg)
base->cra_flags |= CRYPTO_ALG_TYPE_KPP;
}
-int crypto_register_kpp(struct kpp_alg *alg)
+int CRYPTO_API(crypto_register_kpp)(struct kpp_alg *alg)
{
struct crypto_alg *base = &alg->base;
kpp_prepare_alg(alg);
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_kpp);
+DEFINE_CRYPTO_API(crypto_register_kpp);
-void crypto_unregister_kpp(struct kpp_alg *alg)
+void CRYPTO_API(crypto_unregister_kpp)(struct kpp_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_kpp);
+DEFINE_CRYPTO_API(crypto_unregister_kpp);
-int kpp_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(kpp_register_instance)(struct crypto_template *tmpl,
struct kpp_instance *inst)
{
if (WARN_ON(!inst->free))
@@ -138,7 +138,7 @@ int kpp_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, kpp_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(kpp_register_instance);
+DEFINE_CRYPTO_API(kpp_register_instance);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Key-agreement Protocol Primitives");
diff --git a/include/crypto/internal/kpp.h b/include/crypto/internal/kpp.h
index 0a6db8c4a9a0..f69e1e311ef4 100644
--- a/include/crypto/internal/kpp.h
+++ b/include/crypto/internal/kpp.h
@@ -7,6 +7,8 @@
*/
#ifndef _CRYPTO_KPP_INT_H
#define _CRYPTO_KPP_INT_H
+
+#include <crypto/api.h>
#include <crypto/kpp.h>
#include <crypto/algapi.h>
@@ -159,7 +161,9 @@ static inline void *kpp_instance_ctx(struct kpp_instance *inst)
*
* Return: zero on success; error code in case of error
*/
-int crypto_register_kpp(struct kpp_alg *alg);
+DECLARE_CRYPTO_API(crypto_register_kpp, int,
+ (struct kpp_alg *alg),
+ (alg));
/**
* crypto_unregister_kpp() -- Unregister key-agreement protocol primitive
@@ -170,7 +174,9 @@ int crypto_register_kpp(struct kpp_alg *alg);
*
* @alg: algorithm definition
*/
-void crypto_unregister_kpp(struct kpp_alg *alg);
+DECLARE_CRYPTO_API(crypto_unregister_kpp, void,
+ (struct kpp_alg *alg),
+ (alg));
/**
* kpp_register_instance() - Register a KPP template instance.
@@ -178,8 +184,9 @@ void crypto_unregister_kpp(struct kpp_alg *alg);
* @inst: The KPP template instance to be registered.
* Return: %0 on success, negative error code otherwise.
*/
-int kpp_register_instance(struct crypto_template *tmpl,
- struct kpp_instance *inst);
+DECLARE_CRYPTO_API(kpp_register_instance, int,
+ (struct crypto_template *tmpl, struct kpp_instance *inst),
+ (tmpl, inst));
/*
* KPP spawn related functions.
@@ -193,9 +200,9 @@ int kpp_register_instance(struct crypto_template *tmpl,
* @mask: The mask bismask to pass on to the lookup.
* Return: %0 on success, a negative error code otherwise.
*/
-int crypto_grab_kpp(struct crypto_kpp_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_kpp, int,
+ (struct crypto_kpp_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
/**
* crypto_drop_kpp() - Release a spawn previously bound via crypto_grab_kpp().
diff --git a/include/crypto/kpp.h b/include/crypto/kpp.h
index 2d9c4de57b69..f4b0af4afdb7 100644
--- a/include/crypto/kpp.h
+++ b/include/crypto/kpp.h
@@ -9,6 +9,7 @@
#ifndef _CRYPTO_KPP_
#define _CRYPTO_KPP_
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
@@ -107,9 +108,13 @@ struct kpp_alg {
* Return: allocated handle in case of success; IS_ERR() is true in case of
* an error, PTR_ERR() returns the error code.
*/
-struct crypto_kpp *crypto_alloc_kpp(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_kpp, struct crypto_kpp *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-int crypto_has_kpp(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_kpp, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_kpp_tfm(struct crypto_kpp *tfm)
{
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 060/104] crypto: fips140: convert crypto/lskcipher.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (58 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 059/104] crypto: fips140: convert crypto/kpp.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 061/104] crypto: fips140: convert crypto/pcrypt.c " Vegard Nossum
` (44 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SKCIPHER2 --source crypto/lskcipher.c --header include/crypto/skcipher.h include/crypto/internal/skcipher.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 24 ++++++++++++++++
crypto/lskcipher.c | 44 +++++++++++++++---------------
include/crypto/internal/skcipher.h | 34 +++++++++++++++--------
include/crypto/skcipher.h | 21 ++++++++------
4 files changed, 82 insertions(+), 41 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 9c9f9d57f99d..70b896ef42ff 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -442,3 +442,27 @@ DEFINE_CRYPTO_API_STUB(crypto_grab_kpp);
#endif
+/*
+ * crypto/lskcipher.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SKCIPHER2)
+
+#include <crypto/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_lskcipher_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_lskcipher_encrypt);
+DEFINE_CRYPTO_API_STUB(crypto_lskcipher_decrypt);
+
+#include <crypto/internal/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_grab_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_lskciphers);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_lskciphers);
+DEFINE_CRYPTO_API_STUB(lskcipher_register_instance);
+DEFINE_CRYPTO_API_STUB(lskcipher_alloc_instance_simple);
+
+#endif
+
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index c2e2c38b5aa8..147a897ae5ea 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -50,7 +50,7 @@ static int lskcipher_setkey_unaligned(struct crypto_lskcipher *tfm,
return ret;
}
-int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, const u8 *key,
+int CRYPTO_API(crypto_lskcipher_setkey)(struct crypto_lskcipher *tfm, const u8 *key,
unsigned int keylen)
{
unsigned long alignmask = crypto_lskcipher_alignmask(tfm);
@@ -64,7 +64,7 @@ int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, const u8 *key,
else
return cipher->setkey(tfm, key, keylen);
}
-EXPORT_SYMBOL_GPL(crypto_lskcipher_setkey);
+DEFINE_CRYPTO_API(crypto_lskcipher_setkey);
static int crypto_lskcipher_crypt_unaligned(
struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len,
@@ -137,23 +137,23 @@ static int crypto_lskcipher_crypt(struct crypto_lskcipher *tfm, const u8 *src,
return crypt(tfm, src, dst, len, iv, CRYPTO_LSKCIPHER_FLAG_FINAL);
}
-int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src,
+int CRYPTO_API(crypto_lskcipher_encrypt)(struct crypto_lskcipher *tfm, const u8 *src,
u8 *dst, unsigned len, u8 *iv)
{
struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm);
return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->encrypt);
}
-EXPORT_SYMBOL_GPL(crypto_lskcipher_encrypt);
+DEFINE_CRYPTO_API(crypto_lskcipher_encrypt);
-int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src,
+int CRYPTO_API(crypto_lskcipher_decrypt)(struct crypto_lskcipher *tfm, const u8 *src,
u8 *dst, unsigned len, u8 *iv)
{
struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm);
return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->decrypt);
}
-EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt);
+DEFINE_CRYPTO_API(crypto_lskcipher_decrypt);
static int crypto_lskcipher_crypt_sg(struct skcipher_request *req,
int (*crypt)(struct crypto_lskcipher *tfm,
@@ -325,21 +325,21 @@ int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm)
return 0;
}
-int crypto_grab_lskcipher(struct crypto_lskcipher_spawn *spawn,
+int CRYPTO_API(crypto_grab_lskcipher)(struct crypto_lskcipher_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_lskcipher_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_lskcipher);
+DEFINE_CRYPTO_API(crypto_grab_lskcipher);
-struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name,
+struct crypto_lskcipher *CRYPTO_API(crypto_alloc_lskcipher)(const char *alg_name,
u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_lskcipher_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_lskcipher);
+DEFINE_CRYPTO_API(crypto_alloc_lskcipher);
static int lskcipher_prepare_alg(struct lskcipher_alg *alg)
{
@@ -359,7 +359,7 @@ static int lskcipher_prepare_alg(struct lskcipher_alg *alg)
return 0;
}
-int crypto_register_lskcipher(struct lskcipher_alg *alg)
+int CRYPTO_API(crypto_register_lskcipher)(struct lskcipher_alg *alg)
{
struct crypto_alg *base = &alg->co.base;
int err;
@@ -370,15 +370,15 @@ int crypto_register_lskcipher(struct lskcipher_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_lskcipher);
+DEFINE_CRYPTO_API(crypto_register_lskcipher);
-void crypto_unregister_lskcipher(struct lskcipher_alg *alg)
+void CRYPTO_API(crypto_unregister_lskcipher)(struct lskcipher_alg *alg)
{
crypto_unregister_alg(&alg->co.base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_lskcipher);
+DEFINE_CRYPTO_API(crypto_unregister_lskcipher);
-int crypto_register_lskciphers(struct lskcipher_alg *algs, int count)
+int CRYPTO_API(crypto_register_lskciphers)(struct lskcipher_alg *algs, int count)
{
int i, ret;
@@ -396,18 +396,18 @@ int crypto_register_lskciphers(struct lskcipher_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_lskciphers);
+DEFINE_CRYPTO_API(crypto_register_lskciphers);
-void crypto_unregister_lskciphers(struct lskcipher_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_lskciphers)(struct lskcipher_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_lskcipher(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_lskciphers);
+DEFINE_CRYPTO_API(crypto_unregister_lskciphers);
-int lskcipher_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(lskcipher_register_instance)(struct crypto_template *tmpl,
struct lskcipher_instance *inst)
{
int err;
@@ -421,7 +421,7 @@ int lskcipher_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, lskcipher_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(lskcipher_register_instance);
+DEFINE_CRYPTO_API(lskcipher_register_instance);
static int lskcipher_setkey_simple(struct crypto_lskcipher *tfm, const u8 *key,
unsigned int keylen)
@@ -480,7 +480,7 @@ static void lskcipher_free_instance_simple(struct lskcipher_instance *inst)
* Return: a pointer to the new instance, or an ERR_PTR(). The caller still
* needs to register the instance.
*/
-struct lskcipher_instance *lskcipher_alloc_instance_simple(
+struct lskcipher_instance *CRYPTO_API(lskcipher_alloc_instance_simple)(
struct crypto_template *tmpl, struct rtattr **tb)
{
u32 mask;
@@ -590,4 +590,4 @@ struct lskcipher_instance *lskcipher_alloc_instance_simple(
lskcipher_free_instance_simple(inst);
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(lskcipher_alloc_instance_simple);
+DEFINE_CRYPTO_API(lskcipher_alloc_instance_simple);
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h
index d5aa535263f6..69de98e9819a 100644
--- a/include/crypto/internal/skcipher.h
+++ b/include/crypto/internal/skcipher.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_SKCIPHER_H
#define _CRYPTO_INTERNAL_SKCIPHER_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <crypto/internal/cipher.h>
#include <crypto/scatterwalk.h>
@@ -100,9 +101,9 @@ int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask);
-int crypto_grab_lskcipher(struct crypto_lskcipher_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_lskcipher, int,
+ (struct crypto_lskcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline void crypto_drop_skcipher(struct crypto_skcipher_spawn *spawn)
{
@@ -164,12 +165,21 @@ void crypto_unregister_skciphers(struct skcipher_alg *algs, int count);
int skcipher_register_instance(struct crypto_template *tmpl,
struct skcipher_instance *inst);
-int crypto_register_lskcipher(struct lskcipher_alg *alg);
-void crypto_unregister_lskcipher(struct lskcipher_alg *alg);
-int crypto_register_lskciphers(struct lskcipher_alg *algs, int count);
-void crypto_unregister_lskciphers(struct lskcipher_alg *algs, int count);
-int lskcipher_register_instance(struct crypto_template *tmpl,
- struct lskcipher_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_lskcipher, int,
+ (struct lskcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_lskcipher, void,
+ (struct lskcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_lskciphers, int,
+ (struct lskcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_lskciphers, void,
+ (struct lskcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(lskcipher_register_instance, int,
+ (struct crypto_template *tmpl, struct lskcipher_instance *inst),
+ (tmpl, inst));
int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
struct skcipher_request *__restrict req,
@@ -247,8 +257,10 @@ static inline struct crypto_lskcipher *lskcipher_cipher_simple(
return *ctx;
}
-struct lskcipher_instance *lskcipher_alloc_instance_simple(
- struct crypto_template *tmpl, struct rtattr **tb);
+DECLARE_CRYPTO_API(lskcipher_alloc_instance_simple, struct lskcipher_instance *,
+ (
+ struct crypto_template *tmpl, struct rtattr **tb),
+ (tmpl, tb));
static inline struct lskcipher_alg *lskcipher_ialg_simple(
struct lskcipher_instance *inst)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 9e5853464345..8ce770bb1f48 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_SKCIPHER_H
#define _CRYPTO_SKCIPHER_H
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
@@ -297,8 +298,9 @@ struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name,
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_lskcipher, struct crypto_lskcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_skcipher_tfm(
struct crypto_skcipher *tfm)
@@ -636,8 +638,9 @@ static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm,
- const u8 *key, unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_lskcipher_setkey, int,
+ (struct crypto_lskcipher *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
static inline unsigned int crypto_skcipher_min_keysize(
struct crypto_skcipher *tfm)
@@ -761,8 +764,9 @@ int crypto_skcipher_import(struct skcipher_request *req, const void *in);
* then this many bytes have been left unprocessed;
* < 0 if an error occurred
*/
-int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src,
- u8 *dst, unsigned len, u8 *siv);
+DECLARE_CRYPTO_API(crypto_lskcipher_encrypt, int,
+ (struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len, u8 *siv),
+ (tfm, src, dst, len, siv));
/**
* crypto_lskcipher_decrypt() - decrypt ciphertext
@@ -781,8 +785,9 @@ int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src,
* then this many bytes have been left unprocessed;
* < 0 if an error occurred
*/
-int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src,
- u8 *dst, unsigned len, u8 *siv);
+DECLARE_CRYPTO_API(crypto_lskcipher_decrypt, int,
+ (struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len, u8 *siv),
+ (tfm, src, dst, len, siv));
/**
* DOC: Symmetric Key Cipher Request Handle
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 061/104] crypto: fips140: convert crypto/pcrypt.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (59 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 060/104] crypto: fips140: convert crypto/lskcipher.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 062/104] crypto: fips140: convert crypto/rng.c " Vegard Nossum
` (43 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_PCRYPT --source crypto/pcrypt.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/pcrypt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index c3a9d4f2995c..b9cf7df64c4e 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -378,8 +378,8 @@ static void __exit pcrypt_exit(void)
kset_unregister(pcrypt_kset);
}
-module_init(pcrypt_init);
-module_exit(pcrypt_exit);
+crypto_module_init(pcrypt_init);
+crypto_module_exit(pcrypt_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 062/104] crypto: fips140: convert crypto/rng.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (60 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 061/104] crypto: fips140: convert crypto/pcrypt.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 063/104] crypto: fips140: convert crypto/rsa.c " Vegard Nossum
` (42 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_RNG2 --source crypto/rng.c --header include/crypto/rng.h include/crypto/internal/rng.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 22 +++++++++++++++++++++
crypto/rng.c | 36 +++++++++++++++++------------------
include/crypto/internal/rng.h | 21 +++++++++++++++-----
include/crypto/rng.h | 18 +++++++++++++-----
4 files changed, 69 insertions(+), 28 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 70b896ef42ff..8810af32dd43 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -466,3 +466,25 @@ DEFINE_CRYPTO_API_STUB(lskcipher_alloc_instance_simple);
#endif
+/*
+ * crypto/rng.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_RNG2)
+
+#include <crypto/rng.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_get_default_rng);
+DEFINE_CRYPTO_API_STUB(crypto_put_default_rng);
+DEFINE_CRYPTO_API_STUB(crypto_alloc_rng);
+DEFINE_CRYPTO_API_STUB(crypto_rng_reset);
+
+#include <crypto/internal/rng.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_rng);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_rng);
+DEFINE_CRYPTO_API_STUB(crypto_register_rngs);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_rngs);
+DEFINE_CRYPTO_API_STUB(crypto_del_default_rng);
+
+#endif
+
diff --git a/crypto/rng.c b/crypto/rng.c
index 2a246e1a0918..66bbb976ac95 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -27,7 +27,7 @@ static DEFINE_MUTEX(crypto_default_rng_lock);
static struct crypto_rng *crypto_default_rng;
static int crypto_default_rng_refcnt;
-int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
+int CRYPTO_API(crypto_rng_reset)(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
{
u8 *buf = NULL;
int err;
@@ -48,7 +48,7 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
kfree_sensitive(buf);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_rng_reset);
+DEFINE_CRYPTO_API(crypto_rng_reset);
static int crypto_rng_init_tfm(struct crypto_tfm *tfm)
{
@@ -100,13 +100,13 @@ static const struct crypto_type crypto_rng_type = {
.algsize = offsetof(struct rng_alg, base),
};
-struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask)
+struct crypto_rng *CRYPTO_API(crypto_alloc_rng)(const char *alg_name, u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_rng_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_rng);
+DEFINE_CRYPTO_API(crypto_alloc_rng);
-int crypto_get_default_rng(struct crypto_rng **result)
+int CRYPTO_API(crypto_get_default_rng)(struct crypto_rng **result)
{
struct crypto_rng *rng;
int err;
@@ -136,19 +136,19 @@ int crypto_get_default_rng(struct crypto_rng **result)
return err;
}
-EXPORT_SYMBOL_GPL(crypto_get_default_rng);
+DEFINE_CRYPTO_API(crypto_get_default_rng);
-void crypto_put_default_rng(struct crypto_rng **rng)
+void CRYPTO_API(crypto_put_default_rng)(struct crypto_rng **rng)
{
mutex_lock(&crypto_default_rng_lock);
*rng = NULL;
crypto_default_rng_refcnt--;
mutex_unlock(&crypto_default_rng_lock);
}
-EXPORT_SYMBOL_GPL(crypto_put_default_rng);
+DEFINE_CRYPTO_API(crypto_put_default_rng);
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
-int crypto_del_default_rng(void)
+int CRYPTO_API(crypto_del_default_rng)(void)
{
int err = -EBUSY;
@@ -166,10 +166,10 @@ int crypto_del_default_rng(void)
return err;
}
-EXPORT_SYMBOL_GPL(crypto_del_default_rng);
+DEFINE_CRYPTO_API(crypto_del_default_rng);
#endif
-int crypto_register_rng(struct rng_alg *alg)
+int CRYPTO_API(crypto_register_rng)(struct rng_alg *alg)
{
struct crypto_alg *base = &alg->base;
@@ -182,15 +182,15 @@ int crypto_register_rng(struct rng_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_rng);
+DEFINE_CRYPTO_API(crypto_register_rng);
-void crypto_unregister_rng(struct rng_alg *alg)
+void CRYPTO_API(crypto_unregister_rng)(struct rng_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_rng);
+DEFINE_CRYPTO_API(crypto_unregister_rng);
-int crypto_register_rngs(struct rng_alg *algs, int count)
+int CRYPTO_API(crypto_register_rngs)(struct rng_alg *algs, int count)
{
int i, ret;
@@ -208,16 +208,16 @@ int crypto_register_rngs(struct rng_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_rngs);
+DEFINE_CRYPTO_API(crypto_register_rngs);
-void crypto_unregister_rngs(struct rng_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_rngs)(struct rng_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_rng(algs + i);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_rngs);
+DEFINE_CRYPTO_API(crypto_unregister_rngs);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Random Number Generator");
diff --git a/include/crypto/internal/rng.h b/include/crypto/internal/rng.h
index e0711b6a597f..e4e4bbffc086 100644
--- a/include/crypto/internal/rng.h
+++ b/include/crypto/internal/rng.h
@@ -9,16 +9,27 @@
#ifndef _CRYPTO_INTERNAL_RNG_H
#define _CRYPTO_INTERNAL_RNG_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <crypto/rng.h>
-int crypto_register_rng(struct rng_alg *alg);
-void crypto_unregister_rng(struct rng_alg *alg);
-int crypto_register_rngs(struct rng_alg *algs, int count);
-void crypto_unregister_rngs(struct rng_alg *algs, int count);
+DECLARE_CRYPTO_API(crypto_register_rng, int,
+ (struct rng_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_rng, void,
+ (struct rng_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_rngs, int,
+ (struct rng_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_rngs, void,
+ (struct rng_alg *algs, int count),
+ (algs, count));
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
-int crypto_del_default_rng(void);
+DECLARE_CRYPTO_API(crypto_del_default_rng, int,
+ (void),
+ ());
#else
static inline int crypto_del_default_rng(void)
{
diff --git a/include/crypto/rng.h b/include/crypto/rng.h
index 816f255adcd3..b7d7ff59d6a5 100644
--- a/include/crypto/rng.h
+++ b/include/crypto/rng.h
@@ -9,6 +9,7 @@
#ifndef _CRYPTO_RNG_H
#define _CRYPTO_RNG_H
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
@@ -57,8 +58,12 @@ struct crypto_rng {
struct crypto_tfm base;
};
-int crypto_get_default_rng(struct crypto_rng **rng);
-void crypto_put_default_rng(struct crypto_rng **rng);
+DECLARE_CRYPTO_API(crypto_get_default_rng, int,
+ (struct crypto_rng **rng),
+ (rng));
+DECLARE_CRYPTO_API(crypto_put_default_rng, void,
+ (struct crypto_rng **rng),
+ (rng));
/**
* DOC: Random number generator API
@@ -87,7 +92,9 @@ void crypto_put_default_rng(struct crypto_rng **rng);
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_rng, struct crypto_rng *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_rng_tfm(struct crypto_rng *tfm)
{
@@ -176,8 +183,9 @@ static inline int crypto_rng_get_bytes(struct crypto_rng *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed,
- unsigned int slen);
+DECLARE_CRYPTO_API(crypto_rng_reset, int,
+ (struct crypto_rng *tfm, const u8 *seed, unsigned int slen),
+ (tfm, seed, slen));
/**
* crypto_rng_seedsize() - obtain seed size of RNG
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 063/104] crypto: fips140: convert crypto/rsa.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (61 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 062/104] crypto: fips140: convert crypto/rng.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 064/104] crypto: fips140: convert crypto/rsa_helper.c " Vegard Nossum
` (41 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_RSA --source crypto/rsa.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 6c7734083c98..44eef74ebad8 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -430,8 +430,8 @@ static void __exit rsa_exit(void)
crypto_unregister_akcipher(&rsa);
}
-module_init(rsa_init);
-module_exit(rsa_exit);
+crypto_module_init(rsa_init);
+crypto_module_exit(rsa_exit);
MODULE_ALIAS_CRYPTO("rsa");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("RSA generic algorithm");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 064/104] crypto: fips140: convert crypto/rsa_helper.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (62 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 063/104] crypto: fips140: convert crypto/rsa.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 065/104] crypto: fips140: convert crypto/seqiv.c " Vegard Nossum
` (40 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_RSA --source crypto/rsa_helper.c --header include/crypto/internal/rsa.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 12 ++++++++++++
crypto/rsa_helper.c | 8 ++++----
include/crypto/internal/rsa.h | 12 ++++++++----
3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 8810af32dd43..47977f5b8554 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -488,3 +488,15 @@ DEFINE_CRYPTO_API_STUB(crypto_del_default_rng);
#endif
+/*
+ * crypto/rsa_helper.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_RSA)
+
+#include <crypto/internal/rsa.h>
+
+DEFINE_CRYPTO_API_STUB(rsa_parse_pub_key);
+DEFINE_CRYPTO_API_STUB(rsa_parse_priv_key);
+
+#endif
+
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 94266f29049c..ba1278fcf393 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -159,12 +159,12 @@ int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
*
* Return: 0 on success or error code in case of error
*/
-int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
+int CRYPTO_API(rsa_parse_pub_key)(struct rsa_key *rsa_key, const void *key,
unsigned int key_len)
{
return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
}
-EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
+DEFINE_CRYPTO_API(rsa_parse_pub_key);
/**
* rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
@@ -178,9 +178,9 @@ EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
*
* Return: 0 on success or error code in case of error
*/
-int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
+int CRYPTO_API(rsa_parse_priv_key)(struct rsa_key *rsa_key, const void *key,
unsigned int key_len)
{
return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
}
-EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
+DEFINE_CRYPTO_API(rsa_parse_priv_key);
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index 071a1951b992..1265aa81f6fe 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -7,6 +7,8 @@
*/
#ifndef _RSA_HELPER_
#define _RSA_HELPER_
+
+#include <crypto/api.h>
#include <linux/types.h>
#include <crypto/akcipher.h>
@@ -48,11 +50,13 @@ struct rsa_key {
size_t qinv_sz;
};
-int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
- unsigned int key_len);
+DECLARE_CRYPTO_API(rsa_parse_pub_key, int,
+ (struct rsa_key *rsa_key, const void *key, unsigned int key_len),
+ (rsa_key, key, key_len));
-int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
- unsigned int key_len);
+DECLARE_CRYPTO_API(rsa_parse_priv_key, int,
+ (struct rsa_key *rsa_key, const void *key, unsigned int key_len),
+ (rsa_key, key, key_len));
#define RSA_PUB (true)
#define RSA_PRIV (false)
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 065/104] crypto: fips140: convert crypto/seqiv.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (63 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 064/104] crypto: fips140: convert crypto/rsa_helper.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 066/104] crypto: fips140: convert crypto/sha1.c " Vegard Nossum
` (39 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SEQIV --source crypto/seqiv.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/seqiv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index 2bae99e33526..169f4f9e9df1 100644
--- a/crypto/seqiv.c
+++ b/crypto/seqiv.c
@@ -168,8 +168,8 @@ static void __exit seqiv_module_exit(void)
crypto_unregister_template(&seqiv_tmpl);
}
-module_init(seqiv_module_init);
-module_exit(seqiv_module_exit);
+crypto_module_init(seqiv_module_init);
+crypto_module_exit(seqiv_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Sequence Number IV Generator");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 066/104] crypto: fips140: convert crypto/sha1.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (64 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 065/104] crypto: fips140: convert crypto/seqiv.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 067/104] crypto: fips140: convert crypto/sha256.c " Vegard Nossum
` (38 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA1 --source crypto/sha1.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/sha1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/sha1.c b/crypto/sha1.c
index ecef4bf2d9c0..17f635542943 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -184,13 +184,13 @@ static int __init crypto_sha1_mod_init(void)
{
return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(crypto_sha1_mod_init);
+crypto_module_init(crypto_sha1_mod_init);
static void __exit crypto_sha1_mod_exit(void)
{
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_exit(crypto_sha1_mod_exit);
+crypto_module_exit(crypto_sha1_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Crypto API support for SHA-1 and HMAC-SHA1");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 067/104] crypto: fips140: convert crypto/sha256.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (65 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 066/104] crypto: fips140: convert crypto/sha1.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 068/104] crypto: fips140: convert crypto/sha3_generic.c " Vegard Nossum
` (37 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA256 --source crypto/sha256.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/sha256.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/sha256.c b/crypto/sha256.c
index 052806559f06..808448aa01c7 100644
--- a/crypto/sha256.c
+++ b/crypto/sha256.c
@@ -327,13 +327,13 @@ static int __init crypto_sha256_mod_init(void)
{
return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(crypto_sha256_mod_init);
+crypto_module_init(crypto_sha256_mod_init);
static void __exit crypto_sha256_mod_exit(void)
{
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_exit(crypto_sha256_mod_exit);
+crypto_module_exit(crypto_sha256_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 068/104] crypto: fips140: convert crypto/sha3_generic.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (66 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 067/104] crypto: fips140: convert crypto/sha256.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 069/104] crypto: fips140: convert crypto/sha512.c " Vegard Nossum
` (36 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA3 --source crypto/sha3_generic.c --header include/crypto/sha3.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 11 +++++++++++
crypto/sha3_generic.c | 8 ++++----
include/crypto/sha3.h | 5 ++++-
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 47977f5b8554..2567c6d6622f 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -500,3 +500,14 @@ DEFINE_CRYPTO_API_STUB(rsa_parse_priv_key);
#endif
+/*
+ * crypto/sha3_generic.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SHA3)
+
+#include <crypto/sha3.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_sha3_init);
+
+#endif
+
diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
index 41d1e506e6de..b04bd86d6d2f 100644
--- a/crypto/sha3_generic.c
+++ b/crypto/sha3_generic.c
@@ -158,14 +158,14 @@ static void keccakf(u64 st[25])
}
}
-int crypto_sha3_init(struct shash_desc *desc)
+int CRYPTO_API(crypto_sha3_init)(struct shash_desc *desc)
{
struct sha3_state *sctx = shash_desc_ctx(desc);
memset(sctx->st, 0, sizeof(sctx->st));
return 0;
}
-EXPORT_SYMBOL(crypto_sha3_init);
+DEFINE_CRYPTO_API(crypto_sha3_init);
static int crypto_sha3_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
@@ -274,8 +274,8 @@ static void __exit sha3_generic_mod_fini(void)
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(sha3_generic_mod_init);
-module_exit(sha3_generic_mod_fini);
+crypto_module_init(sha3_generic_mod_init);
+crypto_module_exit(sha3_generic_mod_fini);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");
diff --git a/include/crypto/sha3.h b/include/crypto/sha3.h
index 41e1b83a6d91..7ae0affff089 100644
--- a/include/crypto/sha3.h
+++ b/include/crypto/sha3.h
@@ -5,6 +5,7 @@
#ifndef __CRYPTO_SHA3_H__
#define __CRYPTO_SHA3_H__
+#include <crypto/api.h>
#include <linux/types.h>
#define SHA3_224_DIGEST_SIZE (224 / 8)
@@ -31,6 +32,8 @@ struct sha3_state {
u64 st[SHA3_STATE_SIZE / 8];
};
-int crypto_sha3_init(struct shash_desc *desc);
+DECLARE_CRYPTO_API(crypto_sha3_init, int,
+ (struct shash_desc *desc),
+ (desc));
#endif
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 069/104] crypto: fips140: convert crypto/sha512.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (67 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 068/104] crypto: fips140: convert crypto/sha3_generic.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 070/104] crypto: fips140: convert crypto/shash.c " Vegard Nossum
` (35 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA512 --source crypto/sha512.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/sha512.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/sha512.c b/crypto/sha512.c
index fb1c520978ef..ee4639b0e74e 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -333,13 +333,13 @@ static int __init crypto_sha512_mod_init(void)
{
return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(crypto_sha512_mod_init);
+crypto_module_init(crypto_sha512_mod_init);
static void __exit crypto_sha512_mod_exit(void)
{
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_exit(crypto_sha512_mod_exit);
+crypto_module_exit(crypto_sha512_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Crypto API support for SHA-384, SHA-512, HMAC-SHA384, and HMAC-SHA512");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 070/104] crypto: fips140: convert crypto/shash.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (68 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 069/104] crypto: fips140: convert crypto/sha512.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 071/104] crypto: fips140: convert crypto/sig.c " Vegard Nossum
` (34 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_HASH2 --source crypto/shash.c --header include/crypto/hash.h include/crypto/internal/hash.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 33 ++++++++++++++
crypto/shash.c | 80 +++++++++++++++++-----------------
include/crypto/hash.h | 45 ++++++++++++-------
include/crypto/internal/hash.h | 43 ++++++++++++------
4 files changed, 133 insertions(+), 68 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 2567c6d6622f..eec551e120e2 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -511,3 +511,36 @@ DEFINE_CRYPTO_API_STUB(crypto_sha3_init);
#endif
+/*
+ * crypto/shash.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_HASH2)
+
+#include <crypto/hash.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_shash);
+DEFINE_CRYPTO_API_STUB(crypto_clone_shash);
+DEFINE_CRYPTO_API_STUB(crypto_has_shash);
+DEFINE_CRYPTO_API_STUB(crypto_shash_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_shash_digest);
+DEFINE_CRYPTO_API_STUB(crypto_shash_tfm_digest);
+DEFINE_CRYPTO_API_STUB(crypto_shash_export);
+DEFINE_CRYPTO_API_STUB(crypto_shash_import);
+DEFINE_CRYPTO_API_STUB(crypto_shash_init);
+DEFINE_CRYPTO_API_STUB(crypto_shash_finup);
+
+#include <crypto/internal/hash.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_shash_alg_has_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_register_shash);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_shash);
+DEFINE_CRYPTO_API_STUB(crypto_register_shashes);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_shashes);
+DEFINE_CRYPTO_API_STUB(shash_register_instance);
+DEFINE_CRYPTO_API_STUB(shash_free_singlespawn_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_shash);
+DEFINE_CRYPTO_API_STUB(crypto_shash_export_core);
+DEFINE_CRYPTO_API_STUB(crypto_shash_import_core);
+
+#endif
+
diff --git a/crypto/shash.c b/crypto/shash.c
index d45d7ec83a8c..9f154cebbb95 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -47,11 +47,11 @@ static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
* when CFI is enabled, modules won't get the same address for shash_no_setkey
* (if it were exported, which inlining would require) as the core kernel will.
*/
-bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
+bool CRYPTO_API(crypto_shash_alg_has_setkey)(struct shash_alg *alg)
{
return alg->setkey != shash_no_setkey;
}
-EXPORT_SYMBOL_GPL(crypto_shash_alg_has_setkey);
+DEFINE_CRYPTO_API(crypto_shash_alg_has_setkey);
static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
{
@@ -59,7 +59,7 @@ static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
}
-int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
+int CRYPTO_API(crypto_shash_setkey)(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen)
{
struct shash_alg *shash = crypto_shash_alg(tfm);
@@ -74,7 +74,7 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_shash_setkey);
+DEFINE_CRYPTO_API(crypto_shash_setkey);
static int __crypto_shash_init(struct shash_desc *desc)
{
@@ -90,13 +90,13 @@ static int __crypto_shash_init(struct shash_desc *desc)
return crypto_shash_alg(tfm)->init(desc);
}
-int crypto_shash_init(struct shash_desc *desc)
+int CRYPTO_API(crypto_shash_init)(struct shash_desc *desc)
{
if (crypto_shash_get_flags(desc->tfm) & CRYPTO_TFM_NEED_KEY)
return -ENOKEY;
return __crypto_shash_init(desc);
}
-EXPORT_SYMBOL_GPL(crypto_shash_init);
+DEFINE_CRYPTO_API(crypto_shash_init);
static int shash_default_finup(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *out)
@@ -119,7 +119,7 @@ static int crypto_shash_op_and_zero(
return err;
}
-int crypto_shash_finup(struct shash_desc *restrict desc, const u8 *data,
+int CRYPTO_API(crypto_shash_finup)(struct shash_desc *restrict desc, const u8 *data,
unsigned int len, u8 *restrict out)
{
struct crypto_shash *tfm = desc->tfm;
@@ -183,7 +183,7 @@ int crypto_shash_finup(struct shash_desc *restrict desc, const u8 *data,
return crypto_shash_op_and_zero(crypto_shash_alg(tfm)->finup, desc,
data, len, out);
}
-EXPORT_SYMBOL_GPL(crypto_shash_finup);
+DEFINE_CRYPTO_API(crypto_shash_finup);
static int shash_default_digest(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *out)
@@ -192,7 +192,7 @@ static int shash_default_digest(struct shash_desc *desc, const u8 *data,
crypto_shash_finup(desc, data, len, out);
}
-int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
+int CRYPTO_API(crypto_shash_digest)(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *out)
{
struct crypto_shash *tfm = desc->tfm;
@@ -203,9 +203,9 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
return crypto_shash_op_and_zero(crypto_shash_alg(tfm)->digest, desc,
data, len, out);
}
-EXPORT_SYMBOL_GPL(crypto_shash_digest);
+DEFINE_CRYPTO_API(crypto_shash_digest);
-int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
+int CRYPTO_API(crypto_shash_tfm_digest)(struct crypto_shash *tfm, const u8 *data,
unsigned int len, u8 *out)
{
SHASH_DESC_ON_STACK(desc, tfm);
@@ -213,7 +213,7 @@ int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
desc->tfm = tfm;
return crypto_shash_digest(desc, data, len, out);
}
-EXPORT_SYMBOL_GPL(crypto_shash_tfm_digest);
+DEFINE_CRYPTO_API(crypto_shash_tfm_digest);
static int __crypto_shash_export(struct shash_desc *desc, void *out,
int (*export)(struct shash_desc *desc,
@@ -235,14 +235,14 @@ static int __crypto_shash_export(struct shash_desc *desc, void *out,
return export(desc, out);
}
-int crypto_shash_export_core(struct shash_desc *desc, void *out)
+int CRYPTO_API(crypto_shash_export_core)(struct shash_desc *desc, void *out)
{
return __crypto_shash_export(desc, out,
crypto_shash_alg(desc->tfm)->export_core);
}
-EXPORT_SYMBOL_GPL(crypto_shash_export_core);
+DEFINE_CRYPTO_API(crypto_shash_export_core);
-int crypto_shash_export(struct shash_desc *desc, void *out)
+int CRYPTO_API(crypto_shash_export)(struct shash_desc *desc, void *out)
{
struct crypto_shash *tfm = desc->tfm;
@@ -256,7 +256,7 @@ int crypto_shash_export(struct shash_desc *desc, void *out)
}
return __crypto_shash_export(desc, out, crypto_shash_alg(tfm)->export);
}
-EXPORT_SYMBOL_GPL(crypto_shash_export);
+DEFINE_CRYPTO_API(crypto_shash_export);
static int __crypto_shash_import(struct shash_desc *desc, const void *in,
int (*import)(struct shash_desc *desc,
@@ -284,14 +284,14 @@ static int __crypto_shash_import(struct shash_desc *desc, const void *in,
return import(desc, in);
}
-int crypto_shash_import_core(struct shash_desc *desc, const void *in)
+int CRYPTO_API(crypto_shash_import_core)(struct shash_desc *desc, const void *in)
{
return __crypto_shash_import(desc, in,
crypto_shash_alg(desc->tfm)->import_core);
}
-EXPORT_SYMBOL_GPL(crypto_shash_import_core);
+DEFINE_CRYPTO_API(crypto_shash_import_core);
-int crypto_shash_import(struct shash_desc *desc, const void *in)
+int CRYPTO_API(crypto_shash_import)(struct shash_desc *desc, const void *in)
{
struct crypto_shash *tfm = desc->tfm;
int err;
@@ -309,7 +309,7 @@ int crypto_shash_import(struct shash_desc *desc, const void *in)
}
return err;
}
-EXPORT_SYMBOL_GPL(crypto_shash_import);
+DEFINE_CRYPTO_API(crypto_shash_import);
static void crypto_shash_exit_tfm(struct crypto_tfm *tfm)
{
@@ -386,29 +386,29 @@ const struct crypto_type crypto_shash_type = {
.algsize = offsetof(struct shash_alg, base),
};
-int crypto_grab_shash(struct crypto_shash_spawn *spawn,
+int CRYPTO_API(crypto_grab_shash)(struct crypto_shash_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_shash_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_shash);
+DEFINE_CRYPTO_API(crypto_grab_shash);
-struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
+struct crypto_shash *CRYPTO_API(crypto_alloc_shash)(const char *alg_name, u32 type,
u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_shash);
+DEFINE_CRYPTO_API(crypto_alloc_shash);
-int crypto_has_shash(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_shash)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_shash_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_shash);
+DEFINE_CRYPTO_API(crypto_has_shash);
-struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
+struct crypto_shash *CRYPTO_API(crypto_clone_shash)(struct crypto_shash *hash)
{
struct crypto_tfm *tfm = crypto_shash_tfm(hash);
struct shash_alg *alg = crypto_shash_alg(hash);
@@ -443,7 +443,7 @@ struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
return nhash;
}
-EXPORT_SYMBOL_GPL(crypto_clone_shash);
+DEFINE_CRYPTO_API(crypto_clone_shash);
int hash_prepare_alg(struct hash_alg_common *alg)
{
@@ -529,7 +529,7 @@ static int shash_prepare_alg(struct shash_alg *alg)
return 0;
}
-int crypto_register_shash(struct shash_alg *alg)
+int CRYPTO_API(crypto_register_shash)(struct shash_alg *alg)
{
struct crypto_alg *base = &alg->base;
int err;
@@ -540,15 +540,15 @@ int crypto_register_shash(struct shash_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_shash);
+DEFINE_CRYPTO_API(crypto_register_shash);
-void crypto_unregister_shash(struct shash_alg *alg)
+void CRYPTO_API(crypto_unregister_shash)(struct shash_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_shash);
+DEFINE_CRYPTO_API(crypto_unregister_shash);
-int crypto_register_shashes(struct shash_alg *algs, int count)
+int CRYPTO_API(crypto_register_shashes)(struct shash_alg *algs, int count)
{
int i, ret;
@@ -566,18 +566,18 @@ int crypto_register_shashes(struct shash_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_shashes);
+DEFINE_CRYPTO_API(crypto_register_shashes);
-void crypto_unregister_shashes(struct shash_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_shashes)(struct shash_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_shash(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_shashes);
+DEFINE_CRYPTO_API(crypto_unregister_shashes);
-int shash_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(shash_register_instance)(struct crypto_template *tmpl,
struct shash_instance *inst)
{
int err;
@@ -591,14 +591,14 @@ int shash_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, shash_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(shash_register_instance);
+DEFINE_CRYPTO_API(shash_register_instance);
-void shash_free_singlespawn_instance(struct shash_instance *inst)
+void CRYPTO_API(shash_free_singlespawn_instance)(struct shash_instance *inst)
{
crypto_drop_spawn(shash_instance_ctx(inst));
kfree(inst);
}
-EXPORT_SYMBOL_GPL(shash_free_singlespawn_instance);
+DEFINE_CRYPTO_API(shash_free_singlespawn_instance);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Synchronous cryptographic hash type");
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index c9d6ee97360e..3476f6209a22 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -765,12 +765,17 @@ static inline void ahash_request_set_virt(struct ahash_request *req,
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
- u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_shash, struct crypto_shash *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-struct crypto_shash *crypto_clone_shash(struct crypto_shash *tfm);
+DECLARE_CRYPTO_API(crypto_clone_shash, struct crypto_shash *,
+ (struct crypto_shash *tfm),
+ (tfm));
-int crypto_has_shash(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_shash, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
{
@@ -894,8 +899,9 @@ static inline void *shash_desc_ctx(struct shash_desc *desc)
* Context: Softirq or process context.
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
- unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_shash_setkey, int,
+ (struct crypto_shash *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
/**
* crypto_shash_digest() - calculate message digest for buffer
@@ -912,8 +918,9 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
* Return: 0 if the message digest creation was successful; < 0 if an error
* occurred
*/
-int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
- unsigned int len, u8 *out);
+DECLARE_CRYPTO_API(crypto_shash_digest, int,
+ (struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out),
+ (desc, data, len, out));
/**
* crypto_shash_tfm_digest() - calculate message digest for buffer
@@ -931,8 +938,9 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
* Context: Softirq or process context.
* Return: 0 on success; < 0 if an error occurred.
*/
-int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
- unsigned int len, u8 *out);
+DECLARE_CRYPTO_API(crypto_shash_tfm_digest, int,
+ (struct crypto_shash *tfm, const u8 *data, unsigned int len, u8 *out),
+ (tfm, data, len, out));
DECLARE_CRYPTO_API(crypto_hash_digest, int,
(struct crypto_ahash *tfm, const u8 *data, unsigned int len, u8 *out),
@@ -950,7 +958,9 @@ DECLARE_CRYPTO_API(crypto_hash_digest, int,
* Context: Softirq or process context.
* Return: 0 if the export creation was successful; < 0 if an error occurred
*/
-int crypto_shash_export(struct shash_desc *desc, void *out);
+DECLARE_CRYPTO_API(crypto_shash_export, int,
+ (struct shash_desc *desc, void *out),
+ (desc, out));
/**
* crypto_shash_import() - import operational state
@@ -964,7 +974,9 @@ int crypto_shash_export(struct shash_desc *desc, void *out);
* Context: Softirq or process context.
* Return: 0 if the import was successful; < 0 if an error occurred
*/
-int crypto_shash_import(struct shash_desc *desc, const void *in);
+DECLARE_CRYPTO_API(crypto_shash_import, int,
+ (struct shash_desc *desc, const void *in),
+ (desc, in));
/**
* crypto_shash_init() - (re)initialize message digest
@@ -978,7 +990,9 @@ int crypto_shash_import(struct shash_desc *desc, const void *in);
* Return: 0 if the message digest initialization was successful; < 0 if an
* error occurred
*/
-int crypto_shash_init(struct shash_desc *desc);
+DECLARE_CRYPTO_API(crypto_shash_init, int,
+ (struct shash_desc *desc),
+ (desc));
/**
* crypto_shash_finup() - calculate message digest of buffer
@@ -995,8 +1009,9 @@ int crypto_shash_init(struct shash_desc *desc);
* Return: 0 if the message digest creation was successful; < 0 if an error
* occurred
*/
-int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
- unsigned int len, u8 *out);
+DECLARE_CRYPTO_API(crypto_shash_finup, int,
+ (struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out),
+ (desc, data, len, out));
/**
* crypto_shash_update() - add data to message digest for processing
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index c3f9ca511cf5..29b51abc1bad 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -107,7 +107,9 @@ DECLARE_CRYPTO_API(ahash_free_singlespawn_instance, void,
(struct ahash_instance *inst),
(inst));
-bool crypto_shash_alg_has_setkey(struct shash_alg *alg);
+DECLARE_CRYPTO_API(crypto_shash_alg_has_setkey, bool,
+ (struct shash_alg *alg),
+ (alg));
DECLARE_CRYPTO_API(crypto_hash_alg_has_setkey, bool,
(struct hash_alg_common *halg),
@@ -146,17 +148,28 @@ static inline struct hash_alg_common *crypto_spawn_ahash_alg(
return __crypto_hash_alg_common(spawn->base.alg);
}
-int crypto_register_shash(struct shash_alg *alg);
-void crypto_unregister_shash(struct shash_alg *alg);
-int crypto_register_shashes(struct shash_alg *algs, int count);
-void crypto_unregister_shashes(struct shash_alg *algs, int count);
-int shash_register_instance(struct crypto_template *tmpl,
- struct shash_instance *inst);
-void shash_free_singlespawn_instance(struct shash_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_shash, int,
+ (struct shash_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_shash, void,
+ (struct shash_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_shashes, int,
+ (struct shash_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_shashes, void,
+ (struct shash_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(shash_register_instance, int,
+ (struct crypto_template *tmpl, struct shash_instance *inst),
+ (tmpl, inst));
+DECLARE_CRYPTO_API(shash_free_singlespawn_instance, void,
+ (struct shash_instance *inst),
+ (inst));
-int crypto_grab_shash(struct crypto_shash_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_shash, int,
+ (struct crypto_shash_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline void crypto_drop_shash(struct crypto_shash_spawn *spawn)
{
@@ -408,7 +421,9 @@ DECLARE_CRYPTO_API(crypto_ahash_import_core, int,
* Context: Softirq or process context.
* Return: 0 if the export creation was successful; < 0 if an error occurred
*/
-int crypto_shash_export_core(struct shash_desc *desc, void *out);
+DECLARE_CRYPTO_API(crypto_shash_export_core, int,
+ (struct shash_desc *desc, void *out),
+ (desc, out));
/**
* crypto_shash_import_core() - import core state
@@ -420,7 +435,9 @@ int crypto_shash_export_core(struct shash_desc *desc, void *out);
* Context: Softirq or process context.
* Return: 0 if the import was successful; < 0 if an error occurred
*/
-int crypto_shash_import_core(struct shash_desc *desc, const void *in);
+DECLARE_CRYPTO_API(crypto_shash_import_core, int,
+ (struct shash_desc *desc, const void *in),
+ (desc, in));
#endif /* _CRYPTO_INTERNAL_HASH_H */
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 071/104] crypto: fips140: convert crypto/sig.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (69 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 070/104] crypto: fips140: convert crypto/shash.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 072/104] crypto: fips140: convert crypto/simd.c " Vegard Nossum
` (33 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SIG2 --source crypto/sig.c --header include/crypto/sig.h include/crypto/internal/sig.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 18 ++++++++++++++++++
crypto/sig.c | 20 ++++++++++----------
include/crypto/internal/sig.h | 20 +++++++++++++-------
include/crypto/sig.h | 5 ++++-
4 files changed, 45 insertions(+), 18 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index eec551e120e2..c4e66d008be2 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -544,3 +544,21 @@ DEFINE_CRYPTO_API_STUB(crypto_shash_import_core);
#endif
+/*
+ * crypto/sig.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SIG2)
+
+#include <crypto/sig.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_sig);
+
+#include <crypto/internal/sig.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_sig);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_sig);
+DEFINE_CRYPTO_API_STUB(sig_register_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_sig);
+
+#endif
+
diff --git a/crypto/sig.c b/crypto/sig.c
index beba745b6405..c0217bd437f6 100644
--- a/crypto/sig.c
+++ b/crypto/sig.c
@@ -77,11 +77,11 @@ static const struct crypto_type crypto_sig_type = {
.algsize = offsetof(struct sig_alg, base),
};
-struct crypto_sig *crypto_alloc_sig(const char *alg_name, u32 type, u32 mask)
+struct crypto_sig *CRYPTO_API(crypto_alloc_sig)(const char *alg_name, u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_sig_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_sig);
+DEFINE_CRYPTO_API(crypto_alloc_sig);
static int sig_default_sign(struct crypto_sig *tfm,
const void *src, unsigned int slen,
@@ -134,7 +134,7 @@ static int sig_prepare_alg(struct sig_alg *alg)
return 0;
}
-int crypto_register_sig(struct sig_alg *alg)
+int CRYPTO_API(crypto_register_sig)(struct sig_alg *alg)
{
struct crypto_alg *base = &alg->base;
int err;
@@ -145,15 +145,15 @@ int crypto_register_sig(struct sig_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_sig);
+DEFINE_CRYPTO_API(crypto_register_sig);
-void crypto_unregister_sig(struct sig_alg *alg)
+void CRYPTO_API(crypto_unregister_sig)(struct sig_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_sig);
+DEFINE_CRYPTO_API(crypto_unregister_sig);
-int sig_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(sig_register_instance)(struct crypto_template *tmpl,
struct sig_instance *inst)
{
int err;
@@ -167,16 +167,16 @@ int sig_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, sig_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(sig_register_instance);
+DEFINE_CRYPTO_API(sig_register_instance);
-int crypto_grab_sig(struct crypto_sig_spawn *spawn,
+int CRYPTO_API(crypto_grab_sig)(struct crypto_sig_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_sig_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_sig);
+DEFINE_CRYPTO_API(crypto_grab_sig);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Public Key Signature Algorithms");
diff --git a/include/crypto/internal/sig.h b/include/crypto/internal/sig.h
index b16648c1a986..8efee2dfba72 100644
--- a/include/crypto/internal/sig.h
+++ b/include/crypto/internal/sig.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_INTERNAL_SIG_H
#define _CRYPTO_INTERNAL_SIG_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <crypto/sig.h>
@@ -39,7 +40,9 @@ static inline void *crypto_sig_ctx(struct crypto_sig *tfm)
*
* Return: zero on success; error code in case of error
*/
-int crypto_register_sig(struct sig_alg *alg);
+DECLARE_CRYPTO_API(crypto_register_sig, int,
+ (struct sig_alg *alg),
+ (alg));
/**
* crypto_unregister_sig() -- Unregister public key signature algorithm
@@ -48,10 +51,13 @@ int crypto_register_sig(struct sig_alg *alg);
*
* @alg: algorithm definition
*/
-void crypto_unregister_sig(struct sig_alg *alg);
+DECLARE_CRYPTO_API(crypto_unregister_sig, void,
+ (struct sig_alg *alg),
+ (alg));
-int sig_register_instance(struct crypto_template *tmpl,
- struct sig_instance *inst);
+DECLARE_CRYPTO_API(sig_register_instance, int,
+ (struct crypto_template *tmpl, struct sig_instance *inst),
+ (tmpl, inst));
static inline struct sig_instance *sig_instance(struct crypto_instance *inst)
{
@@ -74,9 +80,9 @@ static inline void *sig_instance_ctx(struct sig_instance *inst)
return crypto_instance_ctx(sig_crypto_instance(inst));
}
-int crypto_grab_sig(struct crypto_sig_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_sig, int,
+ (struct crypto_sig_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline struct crypto_sig *crypto_spawn_sig(struct crypto_sig_spawn
*spawn)
diff --git a/include/crypto/sig.h b/include/crypto/sig.h
index fa6dafafab3f..d6da8df9fd28 100644
--- a/include/crypto/sig.h
+++ b/include/crypto/sig.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_SIG_H
#define _CRYPTO_SIG_H
+#include <crypto/api.h>
#include <linux/crypto.h>
/**
@@ -91,7 +92,9 @@ struct sig_alg {
* Return: allocated handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_sig *crypto_alloc_sig(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_sig, struct crypto_sig *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_sig_tfm(struct crypto_sig *tfm)
{
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 072/104] crypto: fips140: convert crypto/simd.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (70 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 071/104] crypto: fips140: convert crypto/sig.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 073/104] crypto: fips140: convert crypto/skcipher.c " Vegard Nossum
` (32 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SIMD --source crypto/simd.c --header include/crypto/internal/simd.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 16 ++++++++++++++++
crypto/simd.c | 24 ++++++++++++------------
include/crypto/internal/simd.h | 32 +++++++++++++++++++-------------
3 files changed, 47 insertions(+), 25 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index c4e66d008be2..112212b32d6d 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -562,3 +562,19 @@ DEFINE_CRYPTO_API_STUB(crypto_grab_sig);
#endif
+/*
+ * crypto/simd.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SIMD)
+
+#include <crypto/internal/simd.h>
+
+DEFINE_CRYPTO_API_STUB(simd_skcipher_create_compat);
+DEFINE_CRYPTO_API_STUB(simd_skcipher_free);
+DEFINE_CRYPTO_API_STUB(simd_register_skciphers_compat);
+DEFINE_CRYPTO_API_STUB(simd_unregister_skciphers);
+DEFINE_CRYPTO_API_STUB(simd_register_aeads_compat);
+DEFINE_CRYPTO_API_STUB(simd_unregister_aeads);
+
+#endif
+
diff --git a/crypto/simd.c b/crypto/simd.c
index b07721d1f3f6..32e3eb04462c 100644
--- a/crypto/simd.c
+++ b/crypto/simd.c
@@ -136,7 +136,7 @@ static int simd_skcipher_init(struct crypto_skcipher *tfm)
return 0;
}
-struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
+struct simd_skcipher_alg *CRYPTO_API(simd_skcipher_create_compat)(struct skcipher_alg *ialg,
const char *algname,
const char *drvname,
const char *basename)
@@ -195,16 +195,16 @@ struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
salg = ERR_PTR(err);
goto out;
}
-EXPORT_SYMBOL_GPL(simd_skcipher_create_compat);
+DEFINE_CRYPTO_API(simd_skcipher_create_compat);
-void simd_skcipher_free(struct simd_skcipher_alg *salg)
+void CRYPTO_API(simd_skcipher_free)(struct simd_skcipher_alg *salg)
{
crypto_unregister_skcipher(&salg->alg);
kfree(salg);
}
-EXPORT_SYMBOL_GPL(simd_skcipher_free);
+DEFINE_CRYPTO_API(simd_skcipher_free);
-int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
+int CRYPTO_API(simd_register_skciphers_compat)(struct skcipher_alg *algs, int count,
struct simd_skcipher_alg **simd_algs)
{
int err;
@@ -236,9 +236,9 @@ int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
simd_unregister_skciphers(algs, count, simd_algs);
return err;
}
-EXPORT_SYMBOL_GPL(simd_register_skciphers_compat);
+DEFINE_CRYPTO_API(simd_register_skciphers_compat);
-void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
+void CRYPTO_API(simd_unregister_skciphers)(struct skcipher_alg *algs, int count,
struct simd_skcipher_alg **simd_algs)
{
int i;
@@ -252,7 +252,7 @@ void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
}
}
}
-EXPORT_SYMBOL_GPL(simd_unregister_skciphers);
+DEFINE_CRYPTO_API(simd_unregister_skciphers);
/* AEAD support */
@@ -427,7 +427,7 @@ static void simd_aead_free(struct simd_aead_alg *salg)
kfree(salg);
}
-int simd_register_aeads_compat(struct aead_alg *algs, int count,
+int CRYPTO_API(simd_register_aeads_compat)(struct aead_alg *algs, int count,
struct simd_aead_alg **simd_algs)
{
int err;
@@ -459,9 +459,9 @@ int simd_register_aeads_compat(struct aead_alg *algs, int count,
simd_unregister_aeads(algs, count, simd_algs);
return err;
}
-EXPORT_SYMBOL_GPL(simd_register_aeads_compat);
+DEFINE_CRYPTO_API(simd_register_aeads_compat);
-void simd_unregister_aeads(struct aead_alg *algs, int count,
+void CRYPTO_API(simd_unregister_aeads)(struct aead_alg *algs, int count,
struct simd_aead_alg **simd_algs)
{
int i;
@@ -475,7 +475,7 @@ void simd_unregister_aeads(struct aead_alg *algs, int count,
}
}
}
-EXPORT_SYMBOL_GPL(simd_unregister_aeads);
+DEFINE_CRYPTO_API(simd_unregister_aeads);
MODULE_DESCRIPTION("Shared crypto SIMD helpers");
MODULE_LICENSE("GPL");
diff --git a/include/crypto/internal/simd.h b/include/crypto/internal/simd.h
index 9e338e7aafbd..a1a419f7fd57 100644
--- a/include/crypto/internal/simd.h
+++ b/include/crypto/internal/simd.h
@@ -6,6 +6,7 @@
#ifndef _CRYPTO_INTERNAL_SIMD_H
#define _CRYPTO_INTERNAL_SIMD_H
+#include <crypto/api.h>
#include <asm/simd.h>
#include <linux/percpu.h>
#include <linux/types.h>
@@ -15,28 +16,33 @@
struct simd_skcipher_alg;
struct skcipher_alg;
-struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
- const char *algname,
- const char *drvname,
- const char *basename);
-void simd_skcipher_free(struct simd_skcipher_alg *alg);
+DECLARE_CRYPTO_API(simd_skcipher_create_compat, struct simd_skcipher_alg *,
+ (struct skcipher_alg *ialg, const char *algname, const char *drvname, const char *basename),
+ (ialg, algname, drvname, basename));
+DECLARE_CRYPTO_API(simd_skcipher_free, void,
+ (struct simd_skcipher_alg *alg),
+ (alg));
-int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
- struct simd_skcipher_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_register_skciphers_compat, int,
+ (struct skcipher_alg *algs, int count, struct simd_skcipher_alg **simd_algs),
+ (algs, count, simd_algs));
-void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
- struct simd_skcipher_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_unregister_skciphers, void,
+ (struct skcipher_alg *algs, int count, struct simd_skcipher_alg **simd_algs),
+ (algs, count, simd_algs));
/* AEAD support */
struct simd_aead_alg;
struct aead_alg;
-int simd_register_aeads_compat(struct aead_alg *algs, int count,
- struct simd_aead_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_register_aeads_compat, int,
+ (struct aead_alg *algs, int count, struct simd_aead_alg **simd_algs),
+ (algs, count, simd_algs));
-void simd_unregister_aeads(struct aead_alg *algs, int count,
- struct simd_aead_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_unregister_aeads, void,
+ (struct aead_alg *algs, int count, struct simd_aead_alg **simd_algs),
+ (algs, count, simd_algs));
/*
* crypto_simd_usable() - is it allowed at this time to use SIMD instructions or
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 073/104] crypto: fips140: convert crypto/skcipher.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (71 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 072/104] crypto: fips140: convert crypto/simd.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 074/104] crypto: fips140: convert crypto/tcrypt.c " Vegard Nossum
` (31 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SKCIPHER2 --source crypto/skcipher.c --header include/crypto/skcipher.h include/crypto/internal/skcipher.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 31 +++++++++++++
crypto/skcipher.c | 72 +++++++++++++++---------------
include/crypto/internal/skcipher.h | 51 ++++++++++++---------
include/crypto/skcipher.h | 35 ++++++++++-----
4 files changed, 122 insertions(+), 67 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 112212b32d6d..115a0fc99e31 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -578,3 +578,34 @@ DEFINE_CRYPTO_API_STUB(simd_unregister_aeads);
#endif
+/*
+ * crypto/skcipher.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SKCIPHER2)
+
+#include <crypto/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_alloc_sync_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_has_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_encrypt);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_decrypt);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_export);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_import);
+
+#include <crypto/internal/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_grab_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_skciphers);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_skciphers);
+DEFINE_CRYPTO_API_STUB(skcipher_register_instance);
+DEFINE_CRYPTO_API_STUB(skcipher_walk_virt);
+DEFINE_CRYPTO_API_STUB(skcipher_walk_aead_encrypt);
+DEFINE_CRYPTO_API_STUB(skcipher_walk_aead_decrypt);
+DEFINE_CRYPTO_API_STUB(skcipher_alloc_instance_simple);
+
+#endif
+
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index de5fc91bba26..0bc53ac3fd0f 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -35,7 +35,7 @@ static inline struct skcipher_alg *__crypto_skcipher_alg(
return container_of(alg, struct skcipher_alg, base);
}
-int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
+int CRYPTO_API(skcipher_walk_virt)(struct skcipher_walk *__restrict walk,
struct skcipher_request *__restrict req, bool atomic)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
@@ -69,7 +69,7 @@ int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
return skcipher_walk_first(walk, atomic);
}
-EXPORT_SYMBOL_GPL(skcipher_walk_virt);
+DEFINE_CRYPTO_API(skcipher_walk_virt);
static int skcipher_walk_aead_common(struct skcipher_walk *__restrict walk,
struct aead_request *__restrict req,
@@ -97,7 +97,7 @@ static int skcipher_walk_aead_common(struct skcipher_walk *__restrict walk,
return skcipher_walk_first(walk, atomic);
}
-int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk,
+int CRYPTO_API(skcipher_walk_aead_encrypt)(struct skcipher_walk *__restrict walk,
struct aead_request *__restrict req,
bool atomic)
{
@@ -105,9 +105,9 @@ int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk,
return skcipher_walk_aead_common(walk, req, atomic);
}
-EXPORT_SYMBOL_GPL(skcipher_walk_aead_encrypt);
+DEFINE_CRYPTO_API(skcipher_walk_aead_encrypt);
-int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk,
+int CRYPTO_API(skcipher_walk_aead_decrypt)(struct skcipher_walk *__restrict walk,
struct aead_request *__restrict req,
bool atomic)
{
@@ -117,7 +117,7 @@ int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk,
return skcipher_walk_aead_common(walk, req, atomic);
}
-EXPORT_SYMBOL_GPL(skcipher_walk_aead_decrypt);
+DEFINE_CRYPTO_API(skcipher_walk_aead_decrypt);
static void skcipher_set_needkey(struct crypto_skcipher *tfm)
{
@@ -146,7 +146,7 @@ static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
return ret;
}
-int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
+int CRYPTO_API(crypto_skcipher_setkey)(struct crypto_skcipher *tfm, const u8 *key,
unsigned int keylen)
{
struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
@@ -181,9 +181,9 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_setkey);
+DEFINE_CRYPTO_API(crypto_skcipher_setkey);
-int crypto_skcipher_encrypt(struct skcipher_request *req)
+int CRYPTO_API(crypto_skcipher_encrypt)(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -194,9 +194,9 @@ int crypto_skcipher_encrypt(struct skcipher_request *req)
return crypto_lskcipher_encrypt_sg(req);
return alg->encrypt(req);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_encrypt);
+DEFINE_CRYPTO_API(crypto_skcipher_encrypt);
-int crypto_skcipher_decrypt(struct skcipher_request *req)
+int CRYPTO_API(crypto_skcipher_decrypt)(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -207,7 +207,7 @@ int crypto_skcipher_decrypt(struct skcipher_request *req)
return crypto_lskcipher_decrypt_sg(req);
return alg->decrypt(req);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_decrypt);
+DEFINE_CRYPTO_API(crypto_skcipher_decrypt);
static int crypto_lskcipher_export(struct skcipher_request *req, void *out)
{
@@ -245,7 +245,7 @@ static int skcipher_noimport(struct skcipher_request *req, const void *in)
return 0;
}
-int crypto_skcipher_export(struct skcipher_request *req, void *out)
+int CRYPTO_API(crypto_skcipher_export)(struct skcipher_request *req, void *out)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -254,9 +254,9 @@ int crypto_skcipher_export(struct skcipher_request *req, void *out)
return crypto_lskcipher_export(req, out);
return alg->export(req, out);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_export);
+DEFINE_CRYPTO_API(crypto_skcipher_export);
-int crypto_skcipher_import(struct skcipher_request *req, const void *in)
+int CRYPTO_API(crypto_skcipher_import)(struct skcipher_request *req, const void *in)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -265,7 +265,7 @@ int crypto_skcipher_import(struct skcipher_request *req, const void *in)
return crypto_lskcipher_import(req, in);
return alg->import(req, in);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_import);
+DEFINE_CRYPTO_API(crypto_skcipher_import);
static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
{
@@ -374,23 +374,23 @@ static const struct crypto_type crypto_skcipher_type = {
.algsize = offsetof(struct skcipher_alg, base),
};
-int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
+int CRYPTO_API(crypto_grab_skcipher)(struct crypto_skcipher_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_skcipher_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_skcipher);
+DEFINE_CRYPTO_API(crypto_grab_skcipher);
-struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
+struct crypto_skcipher *CRYPTO_API(crypto_alloc_skcipher)(const char *alg_name,
u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_skcipher);
+DEFINE_CRYPTO_API(crypto_alloc_skcipher);
-struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
+struct crypto_sync_skcipher *CRYPTO_API(crypto_alloc_sync_skcipher)(
const char *alg_name, u32 type, u32 mask)
{
struct crypto_skcipher *tfm;
@@ -413,13 +413,13 @@ struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
return (struct crypto_sync_skcipher *)tfm;
}
-EXPORT_SYMBOL_GPL(crypto_alloc_sync_skcipher);
+DEFINE_CRYPTO_API(crypto_alloc_sync_skcipher);
-int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_skcipher)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_skcipher_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_skcipher);
+DEFINE_CRYPTO_API(crypto_has_skcipher);
int skcipher_prepare_alg_common(struct skcipher_alg_common *alg)
{
@@ -465,7 +465,7 @@ static int skcipher_prepare_alg(struct skcipher_alg *alg)
return 0;
}
-int crypto_register_skcipher(struct skcipher_alg *alg)
+int CRYPTO_API(crypto_register_skcipher)(struct skcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
int err;
@@ -476,15 +476,15 @@ int crypto_register_skcipher(struct skcipher_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_skcipher);
+DEFINE_CRYPTO_API(crypto_register_skcipher);
-void crypto_unregister_skcipher(struct skcipher_alg *alg)
+void CRYPTO_API(crypto_unregister_skcipher)(struct skcipher_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_skcipher);
+DEFINE_CRYPTO_API(crypto_unregister_skcipher);
-int crypto_register_skciphers(struct skcipher_alg *algs, int count)
+int CRYPTO_API(crypto_register_skciphers)(struct skcipher_alg *algs, int count)
{
int i, ret;
@@ -502,18 +502,18 @@ int crypto_register_skciphers(struct skcipher_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_skciphers);
+DEFINE_CRYPTO_API(crypto_register_skciphers);
-void crypto_unregister_skciphers(struct skcipher_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_skciphers)(struct skcipher_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_skcipher(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_skciphers);
+DEFINE_CRYPTO_API(crypto_unregister_skciphers);
-int skcipher_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(skcipher_register_instance)(struct crypto_template *tmpl,
struct skcipher_instance *inst)
{
int err;
@@ -527,7 +527,7 @@ int skcipher_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, skcipher_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(skcipher_register_instance);
+DEFINE_CRYPTO_API(skcipher_register_instance);
static int skcipher_setkey_simple(struct crypto_skcipher *tfm, const u8 *key,
unsigned int keylen)
@@ -584,7 +584,7 @@ static void skcipher_free_instance_simple(struct skcipher_instance *inst)
* Return: a pointer to the new instance, or an ERR_PTR(). The caller still
* needs to register the instance.
*/
-struct skcipher_instance *skcipher_alloc_instance_simple(
+struct skcipher_instance *CRYPTO_API(skcipher_alloc_instance_simple)(
struct crypto_template *tmpl, struct rtattr **tb)
{
u32 mask;
@@ -635,7 +635,7 @@ struct skcipher_instance *skcipher_alloc_instance_simple(
skcipher_free_instance_simple(inst);
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(skcipher_alloc_instance_simple);
+DEFINE_CRYPTO_API(skcipher_alloc_instance_simple);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Symmetric key cipher type");
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h
index 69de98e9819a..d55b9b9d42a1 100644
--- a/include/crypto/internal/skcipher.h
+++ b/include/crypto/internal/skcipher.h
@@ -97,9 +97,9 @@ static inline void skcipher_request_complete(struct skcipher_request *req, int e
crypto_request_complete(&req->base, err);
}
-int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_skcipher, int,
+ (struct crypto_skcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
DECLARE_CRYPTO_API(crypto_grab_lskcipher, int,
(struct crypto_lskcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
@@ -158,12 +158,21 @@ static inline void crypto_skcipher_set_reqsize_dma(
skcipher->reqsize = reqsize;
}
-int crypto_register_skcipher(struct skcipher_alg *alg);
-void crypto_unregister_skcipher(struct skcipher_alg *alg);
-int crypto_register_skciphers(struct skcipher_alg *algs, int count);
-void crypto_unregister_skciphers(struct skcipher_alg *algs, int count);
-int skcipher_register_instance(struct crypto_template *tmpl,
- struct skcipher_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_skcipher, int,
+ (struct skcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_skcipher, void,
+ (struct skcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_skciphers, int,
+ (struct skcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_skciphers, void,
+ (struct skcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(skcipher_register_instance, int,
+ (struct crypto_template *tmpl, struct skcipher_instance *inst),
+ (tmpl, inst));
DECLARE_CRYPTO_API(crypto_register_lskcipher, int,
(struct lskcipher_alg *alg),
@@ -181,15 +190,15 @@ DECLARE_CRYPTO_API(lskcipher_register_instance, int,
(struct crypto_template *tmpl, struct lskcipher_instance *inst),
(tmpl, inst));
-int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
- struct skcipher_request *__restrict req,
- bool atomic);
-int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk,
- struct aead_request *__restrict req,
- bool atomic);
-int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk,
- struct aead_request *__restrict req,
- bool atomic);
+DECLARE_CRYPTO_API(skcipher_walk_virt, int,
+ (struct skcipher_walk *__restrict walk, struct skcipher_request *__restrict req, bool atomic),
+ (walk, req, atomic));
+DECLARE_CRYPTO_API(skcipher_walk_aead_encrypt, int,
+ (struct skcipher_walk *__restrict walk, struct aead_request *__restrict req, bool atomic),
+ (walk, req, atomic));
+DECLARE_CRYPTO_API(skcipher_walk_aead_decrypt, int,
+ (struct skcipher_walk *__restrict walk, struct aead_request *__restrict req, bool atomic),
+ (walk, req, atomic));
static inline void *crypto_skcipher_ctx(struct crypto_skcipher *tfm)
{
@@ -238,8 +247,10 @@ skcipher_cipher_simple(struct crypto_skcipher *tfm)
return ctx->cipher;
}
-struct skcipher_instance *skcipher_alloc_instance_simple(
- struct crypto_template *tmpl, struct rtattr **tb);
+DECLARE_CRYPTO_API(skcipher_alloc_instance_simple, struct skcipher_instance *,
+ (
+ struct crypto_template *tmpl, struct rtattr **tb),
+ (tmpl, tb));
static inline struct crypto_alg *skcipher_ialg_simple(
struct skcipher_instance *inst)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 8ce770bb1f48..ad2e945de9fa 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -277,11 +277,13 @@ static inline struct crypto_skcipher *__crypto_skcipher_cast(
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_skcipher, struct crypto_skcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_sync_skcipher, struct crypto_sync_skcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
/**
@@ -357,7 +359,9 @@ static inline void crypto_free_lskcipher(struct crypto_lskcipher *tfm)
* Return: true when the skcipher is known to the kernel crypto API; false
* otherwise
*/
-int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_skcipher, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline const char *crypto_skcipher_driver_name(
struct crypto_skcipher *tfm)
@@ -613,8 +617,9 @@ static inline void crypto_lskcipher_clear_flags(struct crypto_lskcipher *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
- const u8 *key, unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_skcipher_setkey, int,
+ (struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm,
const u8 *key, unsigned int keylen)
@@ -700,7 +705,9 @@ static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm(
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_encrypt(struct skcipher_request *req);
+DECLARE_CRYPTO_API(crypto_skcipher_encrypt, int,
+ (struct skcipher_request *req),
+ (req));
/**
* crypto_skcipher_decrypt() - decrypt ciphertext
@@ -713,7 +720,9 @@ int crypto_skcipher_encrypt(struct skcipher_request *req);
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_decrypt(struct skcipher_request *req);
+DECLARE_CRYPTO_API(crypto_skcipher_decrypt, int,
+ (struct skcipher_request *req),
+ (req));
/**
* crypto_skcipher_export() - export partial state
@@ -731,7 +740,9 @@ int crypto_skcipher_decrypt(struct skcipher_request *req);
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_export(struct skcipher_request *req, void *out);
+DECLARE_CRYPTO_API(crypto_skcipher_export, int,
+ (struct skcipher_request *req, void *out),
+ (req, out));
/**
* crypto_skcipher_import() - import partial state
@@ -746,7 +757,9 @@ int crypto_skcipher_export(struct skcipher_request *req, void *out);
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_import(struct skcipher_request *req, const void *in);
+DECLARE_CRYPTO_API(crypto_skcipher_import, int,
+ (struct skcipher_request *req, const void *in),
+ (req, in));
/**
* crypto_lskcipher_encrypt() - encrypt plaintext
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 074/104] crypto: fips140: convert crypto/tcrypt.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (72 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 073/104] crypto: fips140: convert crypto/skcipher.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 075/104] crypto: fips140: convert crypto/testmgr.c " Vegard Nossum
` (30 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_BENCHMARK --source crypto/tcrypt.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/tcrypt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index b69560f2fdef..233ab3073b79 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -2864,8 +2864,8 @@ static int __init tcrypt_mod_init(void)
*/
static void __exit tcrypt_mod_fini(void) { }
-late_initcall(tcrypt_mod_init);
-module_exit(tcrypt_mod_fini);
+crypto_late_initcall(tcrypt_mod_init);
+crypto_module_exit(tcrypt_mod_fini);
module_param(alg, charp, 0);
module_param(type, uint, 0);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 075/104] crypto: fips140: convert crypto/testmgr.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (73 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 074/104] crypto: fips140: convert crypto/tcrypt.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 076/104] crypto: fips140: convert crypto/xts.c " Vegard Nossum
` (29 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_MANAGER2 --source crypto/testmgr.c --header crypto/internal.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 11 +++++++++++
crypto/internal.h | 4 +++-
crypto/testmgr.c | 6 +++---
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 115a0fc99e31..5599cfa963d8 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -609,3 +609,14 @@ DEFINE_CRYPTO_API_STUB(skcipher_alloc_instance_simple);
#endif
+/*
+ * crypto/testmgr.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_MANAGER2)
+
+#include <crypto/internal.h>
+
+DEFINE_CRYPTO_API_STUB(alg_test);
+
+#endif
+
diff --git a/crypto/internal.h b/crypto/internal.h
index 700280457bf6..f4b12863d922 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -66,7 +66,9 @@ extern struct list_head crypto_alg_list;
extern struct rw_semaphore crypto_alg_sem;
extern struct blocking_notifier_head crypto_chain;
-int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(alg_test, int,
+ (struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask),
+ (alg, driver, name, type, mask));
#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
static inline bool crypto_boot_test_finished(void)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 35626ae18c60..54560f3431ca 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -61,7 +61,7 @@ MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
#ifndef CONFIG_CRYPTO_SELFTESTS
/* a perfect nop */
-int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
+int CRYPTO_API(alg_test)(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
{
return 0;
}
@@ -5864,7 +5864,7 @@ static int alg_test_fips_disabled(const struct crypto_alg *alg, const struct alg
return !(desc->fips_allowed & FIPS_NON_CRYPTOGRAPHIC);
}
-int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
+int CRYPTO_API(alg_test)(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
{
int i;
int j;
@@ -5967,4 +5967,4 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
#endif /* CONFIG_CRYPTO_SELFTESTS */
-EXPORT_SYMBOL_GPL(alg_test);
+DEFINE_CRYPTO_API(alg_test);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 076/104] crypto: fips140: convert crypto/xts.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (74 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 075/104] crypto: fips140: convert crypto/testmgr.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 077/104] crypto: fips140: convert crypto/asymmetric_keys/asymmetric_type.c " Vegard Nossum
` (28 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_XTS --source crypto/xts.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/xts.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/xts.c b/crypto/xts.c
index 3da8f5e053d6..97e499893292 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -466,8 +466,8 @@ static void __exit xts_module_exit(void)
crypto_unregister_template(&xts_tmpl);
}
-module_init(xts_module_init);
-module_exit(xts_module_exit);
+crypto_module_init(xts_module_init);
+crypto_module_exit(xts_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("XTS block cipher mode");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 077/104] crypto: fips140: convert crypto/asymmetric_keys/asymmetric_type.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (75 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 076/104] crypto: fips140: convert crypto/xts.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 078/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_key_type.c " Vegard Nossum
` (27 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_ASYMMETRIC_KEY_TYPE --source crypto/asymmetric_keys/asymmetric_type.c --header include/keys/asymmetric-parser.h include/keys/asymmetric-type.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/asymmetric_type.c | 30 ++++++++++++------------
crypto/fips140-api.c | 19 +++++++++++++++
include/keys/asymmetric-parser.h | 8 +++++--
include/keys/asymmetric-type.h | 26 ++++++++++----------
4 files changed, 53 insertions(+), 30 deletions(-)
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index ba2d9d1ea235..7c0a73d17eb9 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -38,7 +38,7 @@ static DECLARE_RWSEM(asymmetric_key_parsers_sem);
* exactly. If both are missing, id_2 must match the sought key's third
* identifier exactly.
*/
-struct key *find_asymmetric_key(struct key *keyring,
+struct key *CRYPTO_API(find_asymmetric_key)(struct key *keyring,
const struct asymmetric_key_id *id_0,
const struct asymmetric_key_id *id_1,
const struct asymmetric_key_id *id_2,
@@ -124,7 +124,7 @@ struct key *find_asymmetric_key(struct key *keyring,
key_put(key);
return ERR_PTR(-EKEYREJECTED);
}
-EXPORT_SYMBOL_GPL(find_asymmetric_key);
+DEFINE_CRYPTO_API(find_asymmetric_key);
/**
* asymmetric_key_generate_id: Construct an asymmetric key ID
@@ -135,7 +135,7 @@ EXPORT_SYMBOL_GPL(find_asymmetric_key);
*
* Construct an asymmetric key ID from a pair of binary blobs.
*/
-struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
+struct asymmetric_key_id *CRYPTO_API(asymmetric_key_generate_id)(const void *val_1,
size_t len_1,
const void *val_2,
size_t len_2)
@@ -151,14 +151,14 @@ struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
memcpy(kid->data + len_1, val_2, len_2);
return kid;
}
-EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
+DEFINE_CRYPTO_API(asymmetric_key_generate_id);
/**
* asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
* @kid1: The key ID to compare
* @kid2: The key ID to compare
*/
-bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
+bool CRYPTO_API(asymmetric_key_id_same)(const struct asymmetric_key_id *kid1,
const struct asymmetric_key_id *kid2)
{
if (!kid1 || !kid2)
@@ -167,7 +167,7 @@ bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
return false;
return memcmp(kid1->data, kid2->data, kid1->len) == 0;
}
-EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
+DEFINE_CRYPTO_API(asymmetric_key_id_same);
/**
* asymmetric_key_id_partial - Return true if two asymmetric keys IDs
@@ -175,7 +175,7 @@ EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
* @kid1: The key ID to compare
* @kid2: The key ID to compare
*/
-bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
+bool CRYPTO_API(asymmetric_key_id_partial)(const struct asymmetric_key_id *kid1,
const struct asymmetric_key_id *kid2)
{
if (!kid1 || !kid2)
@@ -185,7 +185,7 @@ bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
return memcmp(kid1->data + (kid1->len - kid2->len),
kid2->data, kid2->len) == 0;
}
-EXPORT_SYMBOL_GPL(asymmetric_key_id_partial);
+DEFINE_CRYPTO_API(asymmetric_key_id_partial);
/**
* asymmetric_match_key_ids - Search asymmetric key IDs 1 & 2
@@ -281,7 +281,7 @@ static bool asymmetric_key_cmp_name(const struct key *key,
const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
const struct asymmetric_key_id *match_id = match_data->preparsed;
- return kids && asymmetric_key_id_same(kids->id[2], match_id);
+ return kids && CRYPTO_API(asymmetric_key_id_same)(kids->id[2], match_id);
}
/*
@@ -617,7 +617,7 @@ EXPORT_SYMBOL_GPL(key_type_asymmetric);
* register_asymmetric_key_parser - Register a asymmetric key blob parser
* @parser: The parser to register
*/
-int register_asymmetric_key_parser(struct asymmetric_key_parser *parser)
+int CRYPTO_API(register_asymmetric_key_parser)(struct asymmetric_key_parser *parser)
{
struct asymmetric_key_parser *cursor;
int ret;
@@ -642,13 +642,13 @@ int register_asymmetric_key_parser(struct asymmetric_key_parser *parser)
up_write(&asymmetric_key_parsers_sem);
return ret;
}
-EXPORT_SYMBOL_GPL(register_asymmetric_key_parser);
+DEFINE_CRYPTO_API(register_asymmetric_key_parser);
/**
* unregister_asymmetric_key_parser - Unregister a asymmetric key blob parser
* @parser: The parser to unregister
*/
-void unregister_asymmetric_key_parser(struct asymmetric_key_parser *parser)
+void CRYPTO_API(unregister_asymmetric_key_parser)(struct asymmetric_key_parser *parser)
{
down_write(&asymmetric_key_parsers_sem);
list_del(&parser->link);
@@ -656,7 +656,7 @@ void unregister_asymmetric_key_parser(struct asymmetric_key_parser *parser)
pr_notice("Asymmetric key parser '%s' unregistered\n", parser->name);
}
-EXPORT_SYMBOL_GPL(unregister_asymmetric_key_parser);
+DEFINE_CRYPTO_API(unregister_asymmetric_key_parser);
/*
* Module stuff
@@ -671,5 +671,5 @@ static void __exit asymmetric_key_cleanup(void)
unregister_key_type(&key_type_asymmetric);
}
-module_init(asymmetric_key_init);
-module_exit(asymmetric_key_cleanup);
+crypto_module_init(asymmetric_key_init);
+crypto_module_exit(asymmetric_key_cleanup);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 5599cfa963d8..81d920836e1b 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -620,3 +620,22 @@ DEFINE_CRYPTO_API_STUB(alg_test);
#endif
+/*
+ * crypto/asymmetric_keys/asymmetric_type.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+
+#include <keys/asymmetric-parser.h>
+
+DEFINE_CRYPTO_API_STUB(register_asymmetric_key_parser);
+DEFINE_CRYPTO_API_STUB(unregister_asymmetric_key_parser);
+
+#include <keys/asymmetric-type.h>
+
+DEFINE_CRYPTO_API_STUB(asymmetric_key_id_same);
+DEFINE_CRYPTO_API_STUB(asymmetric_key_id_partial);
+DEFINE_CRYPTO_API_STUB(asymmetric_key_generate_id);
+DEFINE_CRYPTO_API_STUB(find_asymmetric_key);
+
+#endif
+
diff --git a/include/keys/asymmetric-parser.h b/include/keys/asymmetric-parser.h
index 516a3f51179e..682c82588cee 100644
--- a/include/keys/asymmetric-parser.h
+++ b/include/keys/asymmetric-parser.h
@@ -29,7 +29,11 @@ struct asymmetric_key_parser {
int (*parse)(struct key_preparsed_payload *prep);
};
-extern int register_asymmetric_key_parser(struct asymmetric_key_parser *);
-extern void unregister_asymmetric_key_parser(struct asymmetric_key_parser *);
+DECLARE_CRYPTO_API(register_asymmetric_key_parser, int,
+ (struct asymmetric_key_parser *parser),
+ (parser));
+DECLARE_CRYPTO_API(unregister_asymmetric_key_parser, void,
+ (struct asymmetric_key_parser *parser),
+ (parser));
#endif /* _KEYS_ASYMMETRIC_PARSER_H */
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index 69a13e1e5b2e..fb7f82527978 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -10,6 +10,7 @@
#ifndef _KEYS_ASYMMETRIC_TYPE_H
#define _KEYS_ASYMMETRIC_TYPE_H
+#include <crypto/api.h>
#include <linux/key-type.h>
#include <linux/verification.h>
@@ -56,16 +57,17 @@ struct asymmetric_key_ids {
void *id[3];
};
-extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
- const struct asymmetric_key_id *kid2);
+DECLARE_CRYPTO_API(asymmetric_key_id_same, bool,
+ (const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2),
+ (kid1, kid2));
-extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
- const struct asymmetric_key_id *kid2);
+DECLARE_CRYPTO_API(asymmetric_key_id_partial, bool,
+ (const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2),
+ (kid1, kid2));
-extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
- size_t len_1,
- const void *val_2,
- size_t len_2);
+DECLARE_CRYPTO_API(asymmetric_key_generate_id, struct asymmetric_key_id *,
+ (const void *val_1, size_t len_1, const void *val_2, size_t len_2),
+ (val_1, len_1, val_2, len_2));
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
@@ -78,11 +80,9 @@ const struct public_key *asymmetric_key_public_key(const struct key *key)
return key->payload.data[asym_crypto];
}
-extern struct key *find_asymmetric_key(struct key *keyring,
- const struct asymmetric_key_id *id_0,
- const struct asymmetric_key_id *id_1,
- const struct asymmetric_key_id *id_2,
- bool partial);
+DECLARE_CRYPTO_API(find_asymmetric_key, struct key *,
+ (struct key *keyring, const struct asymmetric_key_id *id_0, const struct asymmetric_key_id *id_1, const struct asymmetric_key_id *id_2, bool partial),
+ (keyring, id_0, id_1, id_2, partial));
int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size,
const struct key *keyring);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 078/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_key_type.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (76 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 077/104] crypto: fips140: convert crypto/asymmetric_keys/asymmetric_type.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 079/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_parser.c " Vegard Nossum
` (26 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_TEST_KEY --source crypto/asymmetric_keys/pkcs7_key_type.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_key_type.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index e71be8b5b0f2..6566c74665fd 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -92,5 +92,5 @@ static void __exit pkcs7_key_cleanup(void)
unregister_key_type(&key_type_pkcs7);
}
-module_init(pkcs7_key_init);
-module_exit(pkcs7_key_cleanup);
+crypto_module_init(pkcs7_key_init);
+crypto_module_exit(pkcs7_key_cleanup);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 079/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_parser.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (77 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 078/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_key_type.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 080/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_trust.c " Vegard Nossum
` (25 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_MESSAGE_PARSER --source crypto/asymmetric_keys/pkcs7_parser.c --header include/crypto/pkcs7.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_parser.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/pkcs7.h | 18 +++++++++++-------
3 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 423d13c47545..68e70ec19d4d 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -54,7 +54,7 @@ static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
* pkcs7_free_message - Free a PKCS#7 message
* @pkcs7: The PKCS#7 message to free
*/
-void pkcs7_free_message(struct pkcs7_message *pkcs7)
+void CRYPTO_API(pkcs7_free_message)(struct pkcs7_message *pkcs7)
{
struct x509_certificate *cert;
struct pkcs7_signed_info *sinfo;
@@ -78,7 +78,7 @@ void pkcs7_free_message(struct pkcs7_message *pkcs7)
kfree(pkcs7);
}
}
-EXPORT_SYMBOL_GPL(pkcs7_free_message);
+DEFINE_CRYPTO_API(pkcs7_free_message);
/*
* Check authenticatedAttributes are provided or not provided consistently.
@@ -112,7 +112,7 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg)
* @data: The raw binary ASN.1 encoded message to be parsed
* @datalen: The size of the encoded message
*/
-struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
+struct pkcs7_message *CRYPTO_API(pkcs7_parse_message)(const void *data, size_t datalen)
{
struct pkcs7_parse_context *ctx;
struct pkcs7_message *msg = ERR_PTR(-ENOMEM);
@@ -167,7 +167,7 @@ struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
out_no_ctx:
return msg;
}
-EXPORT_SYMBOL_GPL(pkcs7_parse_message);
+DEFINE_CRYPTO_API(pkcs7_parse_message);
/**
* pkcs7_get_content_data - Get access to the PKCS#7 content
@@ -182,7 +182,7 @@ EXPORT_SYMBOL_GPL(pkcs7_parse_message);
*
* Returns -ENODATA if the data object was missing from the message.
*/
-int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_get_content_data)(const struct pkcs7_message *pkcs7,
const void **_data, size_t *_data_len,
size_t *_headerlen)
{
@@ -195,7 +195,7 @@ int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
*_headerlen = pkcs7->data_hdrlen;
return 0;
}
-EXPORT_SYMBOL_GPL(pkcs7_get_content_data);
+DEFINE_CRYPTO_API(pkcs7_get_content_data);
/*
* Note an OID when we find one for later processing when we know how
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 81d920836e1b..36d7cd3595a9 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -639,3 +639,16 @@ DEFINE_CRYPTO_API_STUB(find_asymmetric_key);
#endif
+/*
+ * crypto/asymmetric_keys/pkcs7_parser.c
+ */
+#if !IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)
+
+#include <crypto/pkcs7.h>
+
+DEFINE_CRYPTO_API_STUB(pkcs7_parse_message);
+DEFINE_CRYPTO_API_STUB(pkcs7_free_message);
+DEFINE_CRYPTO_API_STUB(pkcs7_get_content_data);
+
+#endif
+
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index 38ec7f5f9041..fcb744d3f436 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_PKCS7_H
#define _CRYPTO_PKCS7_H
+#include <crypto/api.h>
#include <linux/verification.h>
#include <linux/hash_info.h>
#include <crypto/public_key.h>
@@ -18,13 +19,16 @@ struct pkcs7_message;
/*
* pkcs7_parser.c
*/
-extern struct pkcs7_message *pkcs7_parse_message(const void *data,
- size_t datalen);
-extern void pkcs7_free_message(struct pkcs7_message *pkcs7);
-
-extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
- const void **_data, size_t *_datalen,
- size_t *_headerlen);
+DECLARE_CRYPTO_API(pkcs7_parse_message, struct pkcs7_message *,
+ (const void *data, size_t datalen),
+ (data, datalen));
+DECLARE_CRYPTO_API(pkcs7_free_message, void,
+ (struct pkcs7_message *pkcs7),
+ (pkcs7));
+
+DECLARE_CRYPTO_API(pkcs7_get_content_data, int,
+ (const struct pkcs7_message *pkcs7, const void **_data, size_t *_datalen, size_t *_headerlen),
+ (pkcs7, _data, _datalen, _headerlen));
/*
* pkcs7_trust.c
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 080/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_trust.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (78 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 079/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_parser.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 081/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_verify.c " Vegard Nossum
` (24 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_MESSAGE_PARSER --source crypto/asymmetric_keys/pkcs7_trust.c --header include/crypto/pkcs7.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_trust.c | 4 ++--
crypto/fips140-api.c | 11 +++++++++++
include/crypto/pkcs7.h | 5 +++--
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 9a87c34ed173..0c04ba146ab6 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -155,7 +155,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
*
* May also return -ENOMEM.
*/
-int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_validate_trust)(struct pkcs7_message *pkcs7,
struct key *trust_keyring)
{
struct pkcs7_signed_info *sinfo;
@@ -185,4 +185,4 @@ int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
return cached_ret;
}
-EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
+DEFINE_CRYPTO_API(pkcs7_validate_trust);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 36d7cd3595a9..f65b2a950ccf 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -652,3 +652,14 @@ DEFINE_CRYPTO_API_STUB(pkcs7_get_content_data);
#endif
+/*
+ * crypto/asymmetric_keys/pkcs7_trust.c
+ */
+#if !IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)
+
+#include <crypto/pkcs7.h>
+
+DEFINE_CRYPTO_API_STUB(pkcs7_validate_trust);
+
+#endif
+
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index fcb744d3f436..bec3884eb242 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -33,8 +33,9 @@ DECLARE_CRYPTO_API(pkcs7_get_content_data, int,
/*
* pkcs7_trust.c
*/
-extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
- struct key *trust_keyring);
+DECLARE_CRYPTO_API(pkcs7_validate_trust, int,
+ (struct pkcs7_message *pkcs7, struct key *trust_keyring),
+ (pkcs7, trust_keyring));
/*
* pkcs7_verify.c
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 081/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_verify.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (79 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 080/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_trust.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 082/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs8_parser.c " Vegard Nossum
` (23 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_MESSAGE_PARSER --source crypto/asymmetric_keys/pkcs7_verify.c --header include/crypto/pkcs7.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_verify.c | 8 ++++----
crypto/fips140-api.c | 12 ++++++++++++
include/crypto/pkcs7.h | 10 ++++++----
3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index f0d4ff3c20a8..ebb86a8ace9c 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -391,7 +391,7 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
* (*) -ENOPKG if none of the signature chains are verifiable because suitable
* crypto modules couldn't be found.
*/
-int pkcs7_verify(struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_verify)(struct pkcs7_message *pkcs7,
enum key_being_used_for usage)
{
struct pkcs7_signed_info *sinfo;
@@ -459,7 +459,7 @@ int pkcs7_verify(struct pkcs7_message *pkcs7,
kleave(" = %d", actual_ret);
return actual_ret;
}
-EXPORT_SYMBOL_GPL(pkcs7_verify);
+DEFINE_CRYPTO_API(pkcs7_verify);
/**
* pkcs7_supply_detached_data - Supply the data needed to verify a PKCS#7 message
@@ -474,7 +474,7 @@ EXPORT_SYMBOL_GPL(pkcs7_verify);
*
* Returns -EINVAL if data is already supplied in the message, 0 otherwise.
*/
-int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_supply_detached_data)(struct pkcs7_message *pkcs7,
const void *data, size_t datalen)
{
if (pkcs7->data) {
@@ -485,4 +485,4 @@ int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
pkcs7->data_len = datalen;
return 0;
}
-EXPORT_SYMBOL_GPL(pkcs7_supply_detached_data);
+DEFINE_CRYPTO_API(pkcs7_supply_detached_data);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index f65b2a950ccf..fb3dc947022a 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -663,3 +663,15 @@ DEFINE_CRYPTO_API_STUB(pkcs7_validate_trust);
#endif
+/*
+ * crypto/asymmetric_keys/pkcs7_verify.c
+ */
+#if !IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)
+
+#include <crypto/pkcs7.h>
+
+DEFINE_CRYPTO_API_STUB(pkcs7_verify);
+DEFINE_CRYPTO_API_STUB(pkcs7_supply_detached_data);
+
+#endif
+
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index bec3884eb242..f5e288073934 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -40,11 +40,13 @@ DECLARE_CRYPTO_API(pkcs7_validate_trust, int,
/*
* pkcs7_verify.c
*/
-extern int pkcs7_verify(struct pkcs7_message *pkcs7,
- enum key_being_used_for usage);
+DECLARE_CRYPTO_API(pkcs7_verify, int,
+ (struct pkcs7_message *pkcs7, enum key_being_used_for usage),
+ (pkcs7, usage));
-extern int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
- const void *data, size_t datalen);
+DECLARE_CRYPTO_API(pkcs7_supply_detached_data, int,
+ (struct pkcs7_message *pkcs7, const void *data, size_t datalen),
+ (pkcs7, data, datalen));
extern int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf,
u32 *len, enum hash_algo *hash_algo);
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 082/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs8_parser.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (80 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 081/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_verify.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 083/104] crypto: fips140: convert crypto/asymmetric_keys/public_key.c " Vegard Nossum
` (22 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS8_PRIVATE_KEY_PARSER --source crypto/asymmetric_keys/pkcs8_parser.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs8_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs8_parser.c b/crypto/asymmetric_keys/pkcs8_parser.c
index 105dcce27f71..f26464639232 100644
--- a/crypto/asymmetric_keys/pkcs8_parser.c
+++ b/crypto/asymmetric_keys/pkcs8_parser.c
@@ -173,8 +173,8 @@ static void __exit pkcs8_key_exit(void)
unregister_asymmetric_key_parser(&pkcs8_key_parser);
}
-module_init(pkcs8_key_init);
-module_exit(pkcs8_key_exit);
+crypto_module_init(pkcs8_key_init);
+crypto_module_exit(pkcs8_key_exit);
MODULE_DESCRIPTION("PKCS#8 certificate parser");
MODULE_LICENSE("GPL");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 083/104] crypto: fips140: convert crypto/asymmetric_keys/public_key.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (81 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 082/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs8_parser.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 084/104] crypto: fips140: convert crypto/asymmetric_keys/selftest.c " Vegard Nossum
` (21 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE --source crypto/asymmetric_keys/public_key.c --header include/crypto/public_key.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/public_key.c | 8 ++++----
crypto/fips140-api.c | 12 ++++++++++++
include/crypto/public_key.h | 10 +++++++---
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index e5b177c8e842..a35689994302 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -39,7 +39,7 @@ static void public_key_describe(const struct key *asymmetric_key,
/*
* Destroy a public key algorithm key.
*/
-void public_key_free(struct public_key *key)
+void CRYPTO_API(public_key_free)(struct public_key *key)
{
if (key) {
kfree_sensitive(key->key);
@@ -47,7 +47,7 @@ void public_key_free(struct public_key *key)
kfree(key);
}
}
-EXPORT_SYMBOL_GPL(public_key_free);
+DEFINE_CRYPTO_API(public_key_free);
/*
* Destroy a public key algorithm key.
@@ -365,7 +365,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params,
/*
* Verify a signature using a public key.
*/
-int public_key_verify_signature(const struct public_key *pkey,
+int CRYPTO_API(public_key_verify_signature)(const struct public_key *pkey,
const struct public_key_signature *sig)
{
char alg_name[CRYPTO_MAX_ALG_NAME];
@@ -437,7 +437,7 @@ int public_key_verify_signature(const struct public_key *pkey,
ret = -EINVAL;
return ret;
}
-EXPORT_SYMBOL_GPL(public_key_verify_signature);
+DEFINE_CRYPTO_API(public_key_verify_signature);
static int public_key_verify_signature_2(const struct key *key,
const struct public_key_signature *sig)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index fb3dc947022a..49e89f4bdddb 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -675,3 +675,15 @@ DEFINE_CRYPTO_API_STUB(pkcs7_supply_detached_data);
#endif
+/*
+ * crypto/asymmetric_keys/public_key.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(public_key_free);
+DEFINE_CRYPTO_API_STUB(public_key_verify_signature);
+
+#endif
+
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 81098e00c08f..46e6e14b8559 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -10,6 +10,7 @@
#ifndef _LINUX_PUBLIC_KEY_H
#define _LINUX_PUBLIC_KEY_H
+#include <crypto/api.h>
#include <linux/errno.h>
#include <linux/keyctl.h>
#include <linux/oid_registry.h>
@@ -35,7 +36,9 @@ struct public_key {
#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
};
-extern void public_key_free(struct public_key *key);
+DECLARE_CRYPTO_API(public_key_free, void,
+ (struct public_key *key),
+ (key));
/*
* Public key cryptography signature data
@@ -108,8 +111,9 @@ extern int verify_signature(const struct key *,
const struct public_key_signature *);
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
-int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig);
+DECLARE_CRYPTO_API(public_key_verify_signature, int,
+ (const struct public_key *pkey, const struct public_key_signature *sig),
+ (pkey, sig));
#else
static inline
int public_key_verify_signature(const struct public_key *pkey,
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 084/104] crypto: fips140: convert crypto/asymmetric_keys/selftest.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (82 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 083/104] crypto: fips140: convert crypto/asymmetric_keys/public_key.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 085/104] crypto: fips140: convert crypto/asymmetric_keys/signature.c " Vegard Nossum
` (20 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_FIPS_SIGNATURE_SELFTEST --source crypto/asymmetric_keys/selftest.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/selftest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/selftest.c b/crypto/asymmetric_keys/selftest.c
index 98dc5cdfdebe..4f3b6ef85d1b 100644
--- a/crypto/asymmetric_keys/selftest.c
+++ b/crypto/asymmetric_keys/selftest.c
@@ -65,7 +65,7 @@ static int __init fips_signature_selftest_init(void)
return 0;
}
-late_initcall(fips_signature_selftest_init);
+crypto_late_initcall(fips_signature_selftest_init);
MODULE_DESCRIPTION("X.509 self tests");
MODULE_AUTHOR("Red Hat, Inc.");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 085/104] crypto: fips140: convert crypto/asymmetric_keys/signature.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (83 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 084/104] crypto: fips140: convert crypto/asymmetric_keys/selftest.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 086/104] crypto: fips140: convert crypto/asymmetric_keys/x509_cert_parser.c " Vegard Nossum
` (19 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_ASYMMETRIC_KEY_TYPE --source crypto/asymmetric_keys/signature.c --header include/crypto/public_key.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/signature.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/public_key.h | 14 +++++++++-----
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c
index 041d04b5c953..06ae0a49222c 100644
--- a/crypto/asymmetric_keys/signature.c
+++ b/crypto/asymmetric_keys/signature.c
@@ -20,7 +20,7 @@
/*
* Destroy a public key signature.
*/
-void public_key_signature_free(struct public_key_signature *sig)
+void CRYPTO_API(public_key_signature_free)(struct public_key_signature *sig)
{
int i;
@@ -32,14 +32,14 @@ void public_key_signature_free(struct public_key_signature *sig)
kfree(sig);
}
}
-EXPORT_SYMBOL_GPL(public_key_signature_free);
+DEFINE_CRYPTO_API(public_key_signature_free);
/**
* query_asymmetric_key - Get information about an asymmetric key.
* @params: Various parameters.
* @info: Where to put the information.
*/
-int query_asymmetric_key(const struct kernel_pkey_params *params,
+int CRYPTO_API(query_asymmetric_key)(const struct kernel_pkey_params *params,
struct kernel_pkey_query *info)
{
const struct asymmetric_key_subtype *subtype;
@@ -62,7 +62,7 @@ int query_asymmetric_key(const struct kernel_pkey_params *params,
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
}
-EXPORT_SYMBOL_GPL(query_asymmetric_key);
+DEFINE_CRYPTO_API(query_asymmetric_key);
/**
* verify_signature - Initiate the use of an asymmetric key to verify a signature
@@ -71,7 +71,7 @@ EXPORT_SYMBOL_GPL(query_asymmetric_key);
*
* Returns 0 if successful or else an error.
*/
-int verify_signature(const struct key *key,
+int CRYPTO_API(verify_signature)(const struct key *key,
const struct public_key_signature *sig)
{
const struct asymmetric_key_subtype *subtype;
@@ -93,4 +93,4 @@ int verify_signature(const struct key *key,
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
}
-EXPORT_SYMBOL_GPL(verify_signature);
+DEFINE_CRYPTO_API(verify_signature);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 49e89f4bdddb..5c245b1be2ba 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -687,3 +687,16 @@ DEFINE_CRYPTO_API_STUB(public_key_verify_signature);
#endif
+/*
+ * crypto/asymmetric_keys/signature.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(public_key_signature_free);
+DEFINE_CRYPTO_API_STUB(query_asymmetric_key);
+DEFINE_CRYPTO_API_STUB(verify_signature);
+
+#endif
+
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 46e6e14b8559..c8f30adbd655 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -54,7 +54,9 @@ struct public_key_signature {
const char *encoding;
};
-extern void public_key_signature_free(struct public_key_signature *sig);
+DECLARE_CRYPTO_API(public_key_signature_free, void,
+ (struct public_key_signature *sig),
+ (sig));
extern struct asymmetric_key_subtype public_key_subtype;
@@ -104,11 +106,13 @@ static inline int restrict_link_by_digsig(struct key *dest_keyring,
}
#endif
-extern int query_asymmetric_key(const struct kernel_pkey_params *,
- struct kernel_pkey_query *);
+DECLARE_CRYPTO_API(query_asymmetric_key, int,
+ (const struct kernel_pkey_params *arg1, struct kernel_pkey_query *arg2),
+ (arg1, arg2));
-extern int verify_signature(const struct key *,
- const struct public_key_signature *);
+DECLARE_CRYPTO_API(verify_signature, int,
+ (const struct key *arg1, const struct public_key_signature *arg2),
+ (arg1, arg2));
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
DECLARE_CRYPTO_API(public_key_verify_signature, int,
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 086/104] crypto: fips140: convert crypto/asymmetric_keys/x509_cert_parser.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (84 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 085/104] crypto: fips140: convert crypto/asymmetric_keys/signature.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 087/104] crypto: fips140: convert crypto/asymmetric_keys/x509_loader.c " Vegard Nossum
` (18 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_X509_CERTIFICATE_PARSER --source crypto/asymmetric_keys/x509_cert_parser.c --header crypto/asymmetric_keys/x509_parser.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/x509_cert_parser.c | 12 ++++++------
crypto/asymmetric_keys/x509_parser.h | 15 ++++++++++-----
crypto/fips140-api.c | 13 +++++++++++++
3 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 2ffe4ae90bea..aae629557e8d 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -41,7 +41,7 @@ struct x509_parse_context {
/*
* Free an X.509 certificate
*/
-void x509_free_certificate(struct x509_certificate *cert)
+void CRYPTO_API(x509_free_certificate)(struct x509_certificate *cert)
{
if (cert) {
public_key_free(cert->pub);
@@ -53,12 +53,12 @@ void x509_free_certificate(struct x509_certificate *cert)
kfree(cert);
}
}
-EXPORT_SYMBOL_GPL(x509_free_certificate);
+DEFINE_CRYPTO_API(x509_free_certificate);
/*
* Parse an X.509 certificate
*/
-struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
+struct x509_certificate *CRYPTO_API(x509_cert_parse)(const void *data, size_t datalen)
{
struct x509_certificate *cert __free(x509_free_certificate);
struct x509_parse_context *ctx __free(kfree) = NULL;
@@ -132,7 +132,7 @@ struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
return_ptr(cert);
}
-EXPORT_SYMBOL_GPL(x509_cert_parse);
+DEFINE_CRYPTO_API(x509_cert_parse);
/*
* Note an OID when we find one for later processing when we know how
@@ -649,7 +649,7 @@ int x509_process_extension(void *context, size_t hdrlen,
* applications MUST be able to process validity dates that are encoded in
* either UTCTime or GeneralizedTime.
*/
-int x509_decode_time(time64_t *_t, size_t hdrlen,
+int CRYPTO_API(x509_decode_time)(time64_t *_t, size_t hdrlen,
unsigned char tag,
const unsigned char *value, size_t vlen)
{
@@ -724,7 +724,7 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
tag, (int)vlen, value);
return -EBADMSG;
}
-EXPORT_SYMBOL_GPL(x509_decode_time);
+DEFINE_CRYPTO_API(x509_decode_time);
int x509_note_not_before(void *context, size_t hdrlen,
unsigned char tag,
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 0688c222806b..79342e8e8bd9 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -5,6 +5,7 @@
* Written by David Howells (dhowells@redhat.com)
*/
+#include <crypto/api.h>
#include <linux/cleanup.h>
#include <linux/time.h>
#include <crypto/public_key.h>
@@ -44,13 +45,17 @@ struct x509_certificate {
/*
* x509_cert_parser.c
*/
-extern void x509_free_certificate(struct x509_certificate *cert);
+DECLARE_CRYPTO_API(x509_free_certificate, void,
+ (struct x509_certificate *cert),
+ (cert));
DEFINE_FREE(x509_free_certificate, struct x509_certificate *,
if (!IS_ERR(_T)) x509_free_certificate(_T))
-extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
-extern int x509_decode_time(time64_t *_t, size_t hdrlen,
- unsigned char tag,
- const unsigned char *value, size_t vlen);
+DECLARE_CRYPTO_API(x509_cert_parse, struct x509_certificate *,
+ (const void *data, size_t datalen),
+ (data, datalen));
+DECLARE_CRYPTO_API(x509_decode_time, int,
+ (time64_t *_t, size_t hdrlen, unsigned char tag, const unsigned char *value, size_t vlen),
+ (_t, hdrlen, tag, value, vlen));
/*
* x509_public_key.c
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 5c245b1be2ba..db5b142e21df 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -700,3 +700,16 @@ DEFINE_CRYPTO_API_STUB(verify_signature);
#endif
+/*
+ * crypto/asymmetric_keys/x509_cert_parser.c
+ */
+#if !IS_BUILTIN(CONFIG_X509_CERTIFICATE_PARSER)
+
+#include <crypto/asymmetric_keys/x509_parser.h>
+
+DEFINE_CRYPTO_API_STUB(x509_free_certificate);
+DEFINE_CRYPTO_API_STUB(x509_cert_parse);
+DEFINE_CRYPTO_API_STUB(x509_decode_time);
+
+#endif
+
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 087/104] crypto: fips140: convert crypto/asymmetric_keys/x509_loader.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (85 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 086/104] crypto: fips140: convert crypto/asymmetric_keys/x509_cert_parser.c " Vegard Nossum
@ 2025-09-04 15:51 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 088/104] crypto: fips140: convert crypto/asymmetric_keys/x509_public_key.c " Vegard Nossum
` (17 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_X509_CERTIFICATE_PARSER --source crypto/asymmetric_keys/x509_loader.c --header include/keys/asymmetric-type.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/x509_loader.c | 4 ++--
crypto/fips140-api.c | 11 +++++++++++
include/keys/asymmetric-type.h | 5 +++--
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_loader.c b/crypto/asymmetric_keys/x509_loader.c
index a41741326998..a480763b1649 100644
--- a/crypto/asymmetric_keys/x509_loader.c
+++ b/crypto/asymmetric_keys/x509_loader.c
@@ -4,7 +4,7 @@
#include <linux/key.h>
#include <keys/asymmetric-type.h>
-int x509_load_certificate_list(const u8 cert_list[],
+int CRYPTO_API(x509_load_certificate_list)(const u8 cert_list[],
const unsigned long list_size,
const struct key *keyring)
{
@@ -55,4 +55,4 @@ int x509_load_certificate_list(const u8 cert_list[],
pr_err("Problem parsing in-kernel X.509 certificate list\n");
return 0;
}
-EXPORT_SYMBOL_GPL(x509_load_certificate_list);
+DEFINE_CRYPTO_API(x509_load_certificate_list);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index db5b142e21df..91812ed74f8a 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -713,3 +713,14 @@ DEFINE_CRYPTO_API_STUB(x509_decode_time);
#endif
+/*
+ * crypto/asymmetric_keys/x509_loader.c
+ */
+#if !IS_BUILTIN(CONFIG_X509_CERTIFICATE_PARSER)
+
+#include <keys/asymmetric-type.h>
+
+DEFINE_CRYPTO_API_STUB(x509_load_certificate_list);
+
+#endif
+
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index fb7f82527978..ee1bf9b28bfd 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -84,8 +84,9 @@ DECLARE_CRYPTO_API(find_asymmetric_key, struct key *,
(struct key *keyring, const struct asymmetric_key_id *id_0, const struct asymmetric_key_id *id_1, const struct asymmetric_key_id *id_2, bool partial),
(keyring, id_0, id_1, id_2, partial));
-int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size,
- const struct key *keyring);
+DECLARE_CRYPTO_API(x509_load_certificate_list, int,
+ (const u8 cert_list[], const unsigned long list_size, const struct key *keyring),
+ (cert_list, list_size, keyring));
/*
* The payload is at the discretion of the subtype.
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 088/104] crypto: fips140: convert crypto/asymmetric_keys/x509_public_key.c to using crypto API wrappers
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (86 preceding siblings ...)
2025-09-04 15:51 ` [PATCH RFC 087/104] crypto: fips140: convert crypto/asymmetric_keys/x509_loader.c " Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 089/104] crypto: fips140: manual fixups for include/keys/asymmetric-type.h Vegard Nossum
` (16 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_X509_CERTIFICATE_PARSER --source crypto/asymmetric_keys/x509_public_key.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/x509_public_key.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 8409d7d36cb4..2f76b7b855de 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -246,8 +246,8 @@ static void __exit x509_key_exit(void)
unregister_asymmetric_key_parser(&x509_key_parser);
}
-module_init(x509_key_init);
-module_exit(x509_key_exit);
+crypto_module_init(x509_key_init);
+crypto_module_exit(x509_key_exit);
MODULE_DESCRIPTION("X.509 certificate parser");
MODULE_AUTHOR("Red Hat, Inc.");
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 089/104] crypto: fips140: manual fixups for include/keys/asymmetric-type.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (87 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 088/104] crypto: fips140: convert crypto/asymmetric_keys/x509_public_key.c " Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 090/104] crypto: fips140: manual fixups for include/crypto/sha2.h Vegard Nossum
` (15 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of key_type_asymmetric when the kernel is
configured to use a standalone FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
include/keys/asymmetric-type.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index ee1bf9b28bfd..12c6f113b612 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -14,6 +14,14 @@
#include <linux/key-type.h>
#include <linux/verification.h>
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define key_type_asymmetric fips_key_type_asymmetric
+#else
+#define key_type_asymmetric nonfips_key_type_asymmetric
+#endif
+#endif
+
extern struct key_type key_type_asymmetric;
/*
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 090/104] crypto: fips140: manual fixups for include/crypto/sha2.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (88 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 089/104] crypto: fips140: manual fixups for include/keys/asymmetric-type.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 091/104] crypto: fips140: manual fixups for include/crypto/public_key.h Vegard Nossum
` (14 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of sha*_zero_message_hash when the
kernel is configured to use a standalone FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
include/crypto/sha2.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/include/crypto/sha2.h b/include/crypto/sha2.h
index ce908568009a..5af928f61d9e 100644
--- a/include/crypto/sha2.h
+++ b/include/crypto/sha2.h
@@ -59,6 +59,20 @@
#define SHA512_H6 0x1f83d9abfb41bd6bULL
#define SHA512_H7 0x5be0cd19137e2179ULL
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define sha224_zero_message_hash fips_sha224_zero_message_hash
+#define sha256_zero_message_hash fips_sha256_zero_message_hash
+#define sha384_zero_message_hash fips_sha384_zero_message_hash
+#define sha512_zero_message_hash fips_sha512_zero_message_hash
+#else
+#define sha224_zero_message_hash nonfips_sha224_zero_message_hash
+#define sha256_zero_message_hash nonfips_sha256_zero_message_hash
+#define sha384_zero_message_hash nonfips_sha384_zero_message_hash
+#define sha512_zero_message_hash nonfips_sha512_zero_message_hash
+#endif
+#endif
+
extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 091/104] crypto: fips140: manual fixups for include/crypto/public_key.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (89 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 090/104] crypto: fips140: manual fixups for include/crypto/sha2.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 092/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
` (13 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of public_key_subtype when the kernel is
configured to use a standalone FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
include/crypto/public_key.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index c8f30adbd655..b995644b0c92 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -58,6 +58,14 @@ DECLARE_CRYPTO_API(public_key_signature_free, void,
(struct public_key_signature *sig),
(sig));
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define public_key_subtype fips_public_key_subtype
+#else
+#define public_key_subtype nonfips_public_key_subtype
+#endif
+#endif
+
extern struct asymmetric_key_subtype public_key_subtype;
struct key;
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 092/104] crypto: fips140: manual fixups for include/crypto/aes.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (90 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 091/104] crypto: fips140: manual fixups for include/crypto/public_key.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 093/104] crypto: fips140: manual fixups for crypto/internal.h Vegard Nossum
` (12 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of crypto_*_tab when the kernel is
configured to use a standalone FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
include/crypto/aes.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 6a732ea5ee1b..77f5515c49c9 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -29,6 +29,16 @@ struct crypto_aes_ctx {
u32 key_length;
};
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define crypto_ft_tab fips_crypto_ft_tab
+#define crypto_it_tab fips_crypto_it_tab
+#else
+#define crypto_ft_tab nonfips_crypto_ft_tab
+#define crypto_it_tab nonfips_crypto_it_tab
+#endif
+#endif
+
extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 093/104] crypto: fips140: manual fixups for crypto/internal.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (91 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 092/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 094/104] crypto: fips140: manual fixups for include/crypto/internal/ecc.h Vegard Nossum
` (11 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of cryoto_{alg_list,alg_sem,chain} when
the kernel is configured to use a standalone FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/internal.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/crypto/internal.h b/crypto/internal.h
index f4b12863d922..08f2f04b010d 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -62,6 +62,18 @@ enum {
/* Maximum number of (rtattr) parameters for each template. */
#define CRYPTO_MAX_ATTRS 32
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define crypto_alg_list fips_crypto_alg_list
+#define crypto_alg_sem fips_crypto_alg_sem
+#define crypto_chain fips_crypto_chain
+#else
+#define crypto_alg_list nonfips_crypto_alg_list
+#define crypto_alg_sem nonfips_crypto_alg_sem
+#define crypto_chain nonfips_crypto_chain
+#endif
+#endif
+
extern struct list_head crypto_alg_list;
extern struct rw_semaphore crypto_alg_sem;
extern struct blocking_notifier_head crypto_chain;
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 094/104] crypto: fips140: manual fixups for include/crypto/internal/ecc.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (92 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 093/104] crypto: fips140: manual fixups for crypto/internal.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 095/104] crypto: fips140: manual fixups for include/crypto/internal/rsa.h Vegard Nossum
` (10 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of ecdsa_*_tmpl when the kernel is
configured to use a standalone FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
include/crypto/internal/ecc.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h
index 906d1443de96..b8ce202530de 100644
--- a/include/crypto/internal/ecc.h
+++ b/include/crypto/internal/ecc.h
@@ -30,6 +30,16 @@
#include <crypto/ecc_curve.h>
#include <linux/unaligned.h>
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define ecdsa_x962_tmpl fips_ecdsa_x962_tmpl
+#define ecdsa_p1363_tmpl fips_ecdsa_p1363_tmpl
+#else
+#define ecdsa_x962_tmpl nonfips_ecdsa_x962_tmpl
+#define ecdsa_p1363_tmpl nonfips_ecdsa_p1363_tmpl
+#endif
+#endif
+
/* One digit is u64 qword. */
#define ECC_CURVE_NIST_P192_DIGITS 3
#define ECC_CURVE_NIST_P256_DIGITS 4
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 095/104] crypto: fips140: manual fixups for include/crypto/internal/rsa.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (93 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 094/104] crypto: fips140: manual fixups for include/crypto/internal/ecc.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 096/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
` (9 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of rsa_pkcs1pad_tmpl and
rsassa_pkcs1_tmpl when the kernel is configured to use a standalone
FIPS module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
include/crypto/internal/rsa.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index 1265aa81f6fe..9028a184d06e 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -12,6 +12,16 @@
#include <linux/types.h>
#include <crypto/akcipher.h>
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define rsa_pkcs1pad_tmpl fips_rsa_pkcs1pad_tmpl
+#define rsassa_pkcs1_tmpl fips_rsassa_pkcs1_tmpl
+#else
+#define rsa_pkcs1pad_tmpl nonfips_rsa_pkcs1pad_tmpl
+#define rsassa_pkcs1_tmpl nonfips_rsassa_pkcs1_tmpl
+#endif
+#endif
+
/**
* rsa_key - RSA key structure
* @n : RSA modulus raw byte stream
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 096/104] crypto: fips140: manual fixups for include/crypto/aes.h
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (94 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 095/104] crypto: fips140: manual fixups for include/crypto/internal/rsa.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c Vegard Nossum
` (8 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Define fips_/nonfips_ variants of crypto_aes_*sbox when the kernel is
configured to use a standalone FIPS module.
Vegard Nossum <vegard.nossum@oracle.com>
---
include/crypto/aes.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 77f5515c49c9..fc84ffcd00a7 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -101,6 +101,16 @@ DECLARE_CRYPTO_API(aes_decrypt, void,
(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in),
(ctx, out, in));
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+#ifdef FIPS_MODULE
+#define crypto_aes_sbox fips_crypto_aes_sbox
+#define crypto_aes_inv_sbox fips_crypto_aes_inv_sbox
+#else
+#define crypto_aes_sbox nonfips_crypto_aes_sbox
+#define crypto_aes_inv_sbox nonfips_crypto_aes_inv_sbox
+#endif
+#endif
+
extern const u8 crypto_aes_sbox[];
extern const u8 crypto_aes_inv_sbox[];
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (95 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 096/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 21:35 ` Eric Biggers
2025-09-04 15:52 ` [PATCH RFC 098/104] crypto: fips140: manual fixups for lib/crypto/sha512.c Vegard Nossum
` (7 subsequent siblings)
104 siblings, 1 reply; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Don't build arch-specific SHA256 code yet when building the FIPS 140
standalone module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
lib/crypto/sha256.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c
index 36a9f2bf77e2..bc20cdb9eb94 100644
--- a/lib/crypto/sha256.c
+++ b/lib/crypto/sha256.c
@@ -148,7 +148,7 @@ sha256_blocks_generic(struct sha256_block_state *state,
memzero_explicit(W, sizeof(W));
}
-#if defined(CONFIG_CRYPTO_LIB_SHA256_ARCH) && !defined(__DISABLE_EXPORTS)
+#if defined(CONFIG_CRYPTO_LIB_SHA256_ARCH) && !defined(__DISABLE_EXPORTS) && !defined(FIPS_MODULE)
#include "sha256.h" /* $(SRCARCH)/sha256.h */
#else
#define sha256_blocks sha256_blocks_generic
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 098/104] crypto: fips140: manual fixups for lib/crypto/sha512.c
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (96 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 099/104] crypto: fips140: add symlinks to kernel sources Vegard Nossum
` (6 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Don't build arch-specific SHA512 code yet when building the FIPS 140
standalone module.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
lib/crypto/sha512.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/crypto/sha512.c b/lib/crypto/sha512.c
index 9a170bf1a48c..a6a3e102c6a8 100644
--- a/lib/crypto/sha512.c
+++ b/lib/crypto/sha512.c
@@ -132,7 +132,7 @@ sha512_blocks_generic(struct sha512_block_state *state,
} while (--nblocks);
}
-#ifdef CONFIG_CRYPTO_LIB_SHA512_ARCH
+#if defined(CONFIG_CRYPTO_LIB_SHA512_ARCH) && !defined(FIPS_MODULE)
#include "sha512.h" /* $(SRCARCH)/sha512.h */
#else
#define sha512_blocks sha512_blocks_generic
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 099/104] crypto: fips140: add symlinks to kernel sources
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (97 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 098/104] crypto: fips140: manual fixups for lib/crypto/sha512.c Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 100/104] crypto: fips140: add standalone FIPS 140 module Vegard Nossum
` (5 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In order to minimize source code duplication, we symlink all files under
fips140/ to their top-level source tree equivalents, e.g.:
fips140/crypto/api.c -> crypto/api.c
We're going to build these files as an out-of-tree module (with
-DFIPS_MODULE=1).
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
fips140/crypto/aead.c | 1 +
fips140/crypto/aes_generic.c | 1 +
fips140/crypto/ahash.c | 1 +
fips140/crypto/akcipher.c | 1 +
fips140/crypto/algapi.c | 1 +
fips140/crypto/algboss.c | 1 +
fips140/crypto/api.c | 1 +
fips140/crypto/asymmetric_keys/asymmetric_keys.h | 1 +
fips140/crypto/asymmetric_keys/asymmetric_type.c | 1 +
fips140/crypto/asymmetric_keys/mscode_parser.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7.asn1 | 1 +
fips140/crypto/asymmetric_keys/pkcs7_key_type.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7_parser.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7_parser.h | 1 +
fips140/crypto/asymmetric_keys/pkcs7_trust.c | 1 +
fips140/crypto/asymmetric_keys/pkcs7_verify.c | 1 +
fips140/crypto/asymmetric_keys/pkcs8.asn1 | 1 +
fips140/crypto/asymmetric_keys/pkcs8_parser.c | 1 +
fips140/crypto/asymmetric_keys/public_key.c | 1 +
fips140/crypto/asymmetric_keys/restrict.c | 1 +
fips140/crypto/asymmetric_keys/selftest.c | 1 +
fips140/crypto/asymmetric_keys/selftest.h | 1 +
fips140/crypto/asymmetric_keys/selftest_ecdsa.c | 1 +
fips140/crypto/asymmetric_keys/selftest_rsa.c | 1 +
fips140/crypto/asymmetric_keys/signature.c | 1 +
fips140/crypto/asymmetric_keys/verify_pefile.c | 1 +
fips140/crypto/asymmetric_keys/verify_pefile.h | 1 +
fips140/crypto/asymmetric_keys/x509.asn1 | 1 +
fips140/crypto/asymmetric_keys/x509_akid.asn1 | 1 +
fips140/crypto/asymmetric_keys/x509_cert_parser.c | 1 +
fips140/crypto/asymmetric_keys/x509_loader.c | 1 +
fips140/crypto/asymmetric_keys/x509_parser.h | 1 +
fips140/crypto/asymmetric_keys/x509_public_key.c | 1 +
fips140/crypto/authenc.c | 1 +
fips140/crypto/authencesn.c | 1 +
fips140/crypto/cbc.c | 1 +
fips140/crypto/ccm.c | 1 +
fips140/crypto/cipher.c | 1 +
fips140/crypto/cmac.c | 1 +
fips140/crypto/cryptd.c | 1 +
fips140/crypto/ctr.c | 1 +
fips140/crypto/dh.c | 1 +
fips140/crypto/dh_helper.c | 1 +
fips140/crypto/drbg.c | 1 +
fips140/crypto/ecb.c | 1 +
fips140/crypto/ecc.c | 1 +
fips140/crypto/ecc_curve_defs.h | 1 +
fips140/crypto/ecdh.c | 1 +
fips140/crypto/ecdh_helper.c | 1 +
fips140/crypto/ecdsa-p1363.c | 1 +
fips140/crypto/ecdsa-x962.c | 1 +
fips140/crypto/ecdsa.c | 1 +
fips140/crypto/ecdsasignature.asn1 | 1 +
fips140/crypto/echainiv.c | 1 +
fips140/crypto/essiv.c | 1 +
fips140/crypto/gcm.c | 1 +
fips140/crypto/geniv.c | 1 +
fips140/crypto/ghash-generic.c | 1 +
fips140/crypto/hash.h | 1 +
fips140/crypto/hmac.c | 1 +
fips140/crypto/internal.h | 1 +
fips140/crypto/jitterentropy-kcapi.c | 1 +
fips140/crypto/jitterentropy.c | 1 +
fips140/crypto/jitterentropy.h | 1 +
fips140/crypto/kpp.c | 1 +
fips140/crypto/lskcipher.c | 1 +
fips140/crypto/pcrypt.c | 1 +
fips140/crypto/proc.c | 1 +
fips140/crypto/rng.c | 1 +
fips140/crypto/rsa-pkcs1pad.c | 1 +
fips140/crypto/rsa.c | 1 +
fips140/crypto/rsa_helper.c | 1 +
fips140/crypto/rsaprivkey.asn1 | 1 +
fips140/crypto/rsapubkey.asn1 | 1 +
fips140/crypto/rsassa-pkcs1.c | 1 +
fips140/crypto/seqiv.c | 1 +
fips140/crypto/sha256.c | 1 +
fips140/crypto/sha3_generic.c | 1 +
fips140/crypto/sha512.c | 1 +
fips140/crypto/shash.c | 1 +
fips140/crypto/sig.c | 1 +
fips140/crypto/simd.c | 1 +
fips140/crypto/skcipher.c | 1 +
fips140/crypto/skcipher.h | 1 +
fips140/crypto/tcrypt.c | 1 +
fips140/crypto/tcrypt.h | 1 +
fips140/crypto/testmgr.c | 1 +
fips140/crypto/testmgr.h | 1 +
fips140/crypto/xts.c | 1 +
fips140/lib/crypto/aes.c | 1 +
fips140/lib/crypto/aesgcm.c | 1 +
fips140/lib/crypto/gf128mul.c | 1 +
fips140/lib/crypto/memneq.c | 1 +
fips140/lib/crypto/sha256.c | 1 +
fips140/lib/crypto/sha512.c | 1 +
fips140/lib/crypto/utils.c | 1 +
96 files changed, 96 insertions(+)
create mode 120000 fips140/crypto/aead.c
create mode 120000 fips140/crypto/aes_generic.c
create mode 120000 fips140/crypto/ahash.c
create mode 120000 fips140/crypto/akcipher.c
create mode 120000 fips140/crypto/algapi.c
create mode 120000 fips140/crypto/algboss.c
create mode 120000 fips140/crypto/api.c
create mode 120000 fips140/crypto/asymmetric_keys/asymmetric_keys.h
create mode 120000 fips140/crypto/asymmetric_keys/asymmetric_type.c
create mode 120000 fips140/crypto/asymmetric_keys/mscode_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7.asn1
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_key_type.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_parser.h
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_trust.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs7_verify.c
create mode 120000 fips140/crypto/asymmetric_keys/pkcs8.asn1
create mode 120000 fips140/crypto/asymmetric_keys/pkcs8_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/public_key.c
create mode 120000 fips140/crypto/asymmetric_keys/restrict.c
create mode 120000 fips140/crypto/asymmetric_keys/selftest.c
create mode 120000 fips140/crypto/asymmetric_keys/selftest.h
create mode 120000 fips140/crypto/asymmetric_keys/selftest_ecdsa.c
create mode 120000 fips140/crypto/asymmetric_keys/selftest_rsa.c
create mode 120000 fips140/crypto/asymmetric_keys/signature.c
create mode 120000 fips140/crypto/asymmetric_keys/verify_pefile.c
create mode 120000 fips140/crypto/asymmetric_keys/verify_pefile.h
create mode 120000 fips140/crypto/asymmetric_keys/x509.asn1
create mode 120000 fips140/crypto/asymmetric_keys/x509_akid.asn1
create mode 120000 fips140/crypto/asymmetric_keys/x509_cert_parser.c
create mode 120000 fips140/crypto/asymmetric_keys/x509_loader.c
create mode 120000 fips140/crypto/asymmetric_keys/x509_parser.h
create mode 120000 fips140/crypto/asymmetric_keys/x509_public_key.c
create mode 120000 fips140/crypto/authenc.c
create mode 120000 fips140/crypto/authencesn.c
create mode 120000 fips140/crypto/cbc.c
create mode 120000 fips140/crypto/ccm.c
create mode 120000 fips140/crypto/cipher.c
create mode 120000 fips140/crypto/cmac.c
create mode 120000 fips140/crypto/cryptd.c
create mode 120000 fips140/crypto/ctr.c
create mode 120000 fips140/crypto/dh.c
create mode 120000 fips140/crypto/dh_helper.c
create mode 120000 fips140/crypto/drbg.c
create mode 120000 fips140/crypto/ecb.c
create mode 120000 fips140/crypto/ecc.c
create mode 120000 fips140/crypto/ecc_curve_defs.h
create mode 120000 fips140/crypto/ecdh.c
create mode 120000 fips140/crypto/ecdh_helper.c
create mode 120000 fips140/crypto/ecdsa-p1363.c
create mode 120000 fips140/crypto/ecdsa-x962.c
create mode 120000 fips140/crypto/ecdsa.c
create mode 120000 fips140/crypto/ecdsasignature.asn1
create mode 120000 fips140/crypto/echainiv.c
create mode 120000 fips140/crypto/essiv.c
create mode 120000 fips140/crypto/gcm.c
create mode 120000 fips140/crypto/geniv.c
create mode 120000 fips140/crypto/ghash-generic.c
create mode 120000 fips140/crypto/hash.h
create mode 120000 fips140/crypto/hmac.c
create mode 120000 fips140/crypto/internal.h
create mode 120000 fips140/crypto/jitterentropy-kcapi.c
create mode 120000 fips140/crypto/jitterentropy.c
create mode 120000 fips140/crypto/jitterentropy.h
create mode 120000 fips140/crypto/kpp.c
create mode 120000 fips140/crypto/lskcipher.c
create mode 120000 fips140/crypto/pcrypt.c
create mode 120000 fips140/crypto/proc.c
create mode 120000 fips140/crypto/rng.c
create mode 120000 fips140/crypto/rsa-pkcs1pad.c
create mode 120000 fips140/crypto/rsa.c
create mode 120000 fips140/crypto/rsa_helper.c
create mode 120000 fips140/crypto/rsaprivkey.asn1
create mode 120000 fips140/crypto/rsapubkey.asn1
create mode 120000 fips140/crypto/rsassa-pkcs1.c
create mode 120000 fips140/crypto/seqiv.c
create mode 120000 fips140/crypto/sha256.c
create mode 120000 fips140/crypto/sha3_generic.c
create mode 120000 fips140/crypto/sha512.c
create mode 120000 fips140/crypto/shash.c
create mode 120000 fips140/crypto/sig.c
create mode 120000 fips140/crypto/simd.c
create mode 120000 fips140/crypto/skcipher.c
create mode 120000 fips140/crypto/skcipher.h
create mode 120000 fips140/crypto/tcrypt.c
create mode 120000 fips140/crypto/tcrypt.h
create mode 120000 fips140/crypto/testmgr.c
create mode 120000 fips140/crypto/testmgr.h
create mode 120000 fips140/crypto/xts.c
create mode 120000 fips140/lib/crypto/aes.c
create mode 120000 fips140/lib/crypto/aesgcm.c
create mode 120000 fips140/lib/crypto/gf128mul.c
create mode 120000 fips140/lib/crypto/memneq.c
create mode 120000 fips140/lib/crypto/sha256.c
create mode 120000 fips140/lib/crypto/sha512.c
create mode 120000 fips140/lib/crypto/utils.c
diff --git a/fips140/crypto/aead.c b/fips140/crypto/aead.c
new file mode 120000
index 000000000000..212e18356521
--- /dev/null
+++ b/fips140/crypto/aead.c
@@ -0,0 +1 @@
+../../crypto/aead.c
\ No newline at end of file
diff --git a/fips140/crypto/aes_generic.c b/fips140/crypto/aes_generic.c
new file mode 120000
index 000000000000..98deccd59067
--- /dev/null
+++ b/fips140/crypto/aes_generic.c
@@ -0,0 +1 @@
+../../crypto/aes_generic.c
\ No newline at end of file
diff --git a/fips140/crypto/ahash.c b/fips140/crypto/ahash.c
new file mode 120000
index 000000000000..81e1d69b51b3
--- /dev/null
+++ b/fips140/crypto/ahash.c
@@ -0,0 +1 @@
+../../crypto/ahash.c
\ No newline at end of file
diff --git a/fips140/crypto/akcipher.c b/fips140/crypto/akcipher.c
new file mode 120000
index 000000000000..66a618824b92
--- /dev/null
+++ b/fips140/crypto/akcipher.c
@@ -0,0 +1 @@
+../../crypto/akcipher.c
\ No newline at end of file
diff --git a/fips140/crypto/algapi.c b/fips140/crypto/algapi.c
new file mode 120000
index 000000000000..31fc6b4fb765
--- /dev/null
+++ b/fips140/crypto/algapi.c
@@ -0,0 +1 @@
+../../crypto/algapi.c
\ No newline at end of file
diff --git a/fips140/crypto/algboss.c b/fips140/crypto/algboss.c
new file mode 120000
index 000000000000..e27142d777f7
--- /dev/null
+++ b/fips140/crypto/algboss.c
@@ -0,0 +1 @@
+../../crypto/algboss.c
\ No newline at end of file
diff --git a/fips140/crypto/api.c b/fips140/crypto/api.c
new file mode 120000
index 000000000000..7c60a1d33673
--- /dev/null
+++ b/fips140/crypto/api.c
@@ -0,0 +1 @@
+../../crypto/api.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/asymmetric_keys.h b/fips140/crypto/asymmetric_keys/asymmetric_keys.h
new file mode 120000
index 000000000000..16867d35838f
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/asymmetric_keys.h
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/asymmetric_keys.h
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/asymmetric_type.c b/fips140/crypto/asymmetric_keys/asymmetric_type.c
new file mode 120000
index 000000000000..9f9119a13078
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/asymmetric_type.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/asymmetric_type.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/mscode_parser.c b/fips140/crypto/asymmetric_keys/mscode_parser.c
new file mode 120000
index 000000000000..fc2e5ba2b6ba
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/mscode_parser.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/mscode_parser.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs7.asn1 b/fips140/crypto/asymmetric_keys/pkcs7.asn1
new file mode 120000
index 000000000000..c05196a6916d
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs7.asn1
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs7.asn1
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs7_key_type.c b/fips140/crypto/asymmetric_keys/pkcs7_key_type.c
new file mode 120000
index 000000000000..1483042a2f94
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs7_key_type.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs7_parser.c b/fips140/crypto/asymmetric_keys/pkcs7_parser.c
new file mode 120000
index 000000000000..fadba19812d9
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs7_parser.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs7_parser.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs7_parser.h b/fips140/crypto/asymmetric_keys/pkcs7_parser.h
new file mode 120000
index 000000000000..a002feec14a9
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs7_parser.h
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs7_parser.h
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs7_trust.c b/fips140/crypto/asymmetric_keys/pkcs7_trust.c
new file mode 120000
index 000000000000..bc319e2fa53f
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs7_trust.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs7_trust.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs7_verify.c b/fips140/crypto/asymmetric_keys/pkcs7_verify.c
new file mode 120000
index 000000000000..e973804a9fd5
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs7_verify.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs7_verify.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs8.asn1 b/fips140/crypto/asymmetric_keys/pkcs8.asn1
new file mode 120000
index 000000000000..c8696cd8abc9
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs8.asn1
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs8.asn1
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/pkcs8_parser.c b/fips140/crypto/asymmetric_keys/pkcs8_parser.c
new file mode 120000
index 000000000000..4549c6abdca6
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/pkcs8_parser.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/pkcs8_parser.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/public_key.c b/fips140/crypto/asymmetric_keys/public_key.c
new file mode 120000
index 000000000000..8095065156ab
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/public_key.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/public_key.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/restrict.c b/fips140/crypto/asymmetric_keys/restrict.c
new file mode 120000
index 000000000000..78d8775f18c6
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/restrict.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/restrict.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/selftest.c b/fips140/crypto/asymmetric_keys/selftest.c
new file mode 120000
index 000000000000..634ea04a70ac
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/selftest.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/selftest.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/selftest.h b/fips140/crypto/asymmetric_keys/selftest.h
new file mode 120000
index 000000000000..3a769362b7ca
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/selftest.h
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/selftest.h
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/selftest_ecdsa.c b/fips140/crypto/asymmetric_keys/selftest_ecdsa.c
new file mode 120000
index 000000000000..efaeb42740a9
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/selftest_ecdsa.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/selftest_ecdsa.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/selftest_rsa.c b/fips140/crypto/asymmetric_keys/selftest_rsa.c
new file mode 120000
index 000000000000..d6418f82a81b
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/selftest_rsa.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/selftest_rsa.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/signature.c b/fips140/crypto/asymmetric_keys/signature.c
new file mode 120000
index 000000000000..415c34d1e33b
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/signature.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/signature.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/verify_pefile.c b/fips140/crypto/asymmetric_keys/verify_pefile.c
new file mode 120000
index 000000000000..9b7153555f36
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/verify_pefile.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/verify_pefile.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/verify_pefile.h b/fips140/crypto/asymmetric_keys/verify_pefile.h
new file mode 120000
index 000000000000..62483171759e
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/verify_pefile.h
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/verify_pefile.h
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/x509.asn1 b/fips140/crypto/asymmetric_keys/x509.asn1
new file mode 120000
index 000000000000..1aa8edbc2ec4
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/x509.asn1
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/x509.asn1
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/x509_akid.asn1 b/fips140/crypto/asymmetric_keys/x509_akid.asn1
new file mode 120000
index 000000000000..f952c11063f3
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/x509_akid.asn1
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/x509_akid.asn1
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/x509_cert_parser.c b/fips140/crypto/asymmetric_keys/x509_cert_parser.c
new file mode 120000
index 000000000000..a86d71968d3f
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/x509_cert_parser.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/x509_cert_parser.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/x509_loader.c b/fips140/crypto/asymmetric_keys/x509_loader.c
new file mode 120000
index 000000000000..efa9c866d065
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/x509_loader.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/x509_loader.c
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/x509_parser.h b/fips140/crypto/asymmetric_keys/x509_parser.h
new file mode 120000
index 000000000000..cbf61d79a344
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/x509_parser.h
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/x509_parser.h
\ No newline at end of file
diff --git a/fips140/crypto/asymmetric_keys/x509_public_key.c b/fips140/crypto/asymmetric_keys/x509_public_key.c
new file mode 120000
index 000000000000..000f40135e91
--- /dev/null
+++ b/fips140/crypto/asymmetric_keys/x509_public_key.c
@@ -0,0 +1 @@
+../../../crypto/asymmetric_keys/x509_public_key.c
\ No newline at end of file
diff --git a/fips140/crypto/authenc.c b/fips140/crypto/authenc.c
new file mode 120000
index 000000000000..21e091ad0815
--- /dev/null
+++ b/fips140/crypto/authenc.c
@@ -0,0 +1 @@
+../../crypto/authenc.c
\ No newline at end of file
diff --git a/fips140/crypto/authencesn.c b/fips140/crypto/authencesn.c
new file mode 120000
index 000000000000..00bb54b7be3f
--- /dev/null
+++ b/fips140/crypto/authencesn.c
@@ -0,0 +1 @@
+../../crypto/authencesn.c
\ No newline at end of file
diff --git a/fips140/crypto/cbc.c b/fips140/crypto/cbc.c
new file mode 120000
index 000000000000..aa1f6fb840c0
--- /dev/null
+++ b/fips140/crypto/cbc.c
@@ -0,0 +1 @@
+../../crypto/cbc.c
\ No newline at end of file
diff --git a/fips140/crypto/ccm.c b/fips140/crypto/ccm.c
new file mode 120000
index 000000000000..879bd39b8843
--- /dev/null
+++ b/fips140/crypto/ccm.c
@@ -0,0 +1 @@
+../../crypto/ccm.c
\ No newline at end of file
diff --git a/fips140/crypto/cipher.c b/fips140/crypto/cipher.c
new file mode 120000
index 000000000000..53fd49f62385
--- /dev/null
+++ b/fips140/crypto/cipher.c
@@ -0,0 +1 @@
+../../crypto/cipher.c
\ No newline at end of file
diff --git a/fips140/crypto/cmac.c b/fips140/crypto/cmac.c
new file mode 120000
index 000000000000..da6195375be2
--- /dev/null
+++ b/fips140/crypto/cmac.c
@@ -0,0 +1 @@
+../../crypto/cmac.c
\ No newline at end of file
diff --git a/fips140/crypto/cryptd.c b/fips140/crypto/cryptd.c
new file mode 120000
index 000000000000..b18b260ec57d
--- /dev/null
+++ b/fips140/crypto/cryptd.c
@@ -0,0 +1 @@
+../../crypto/cryptd.c
\ No newline at end of file
diff --git a/fips140/crypto/ctr.c b/fips140/crypto/ctr.c
new file mode 120000
index 000000000000..3fe3cc809347
--- /dev/null
+++ b/fips140/crypto/ctr.c
@@ -0,0 +1 @@
+../../crypto/ctr.c
\ No newline at end of file
diff --git a/fips140/crypto/dh.c b/fips140/crypto/dh.c
new file mode 120000
index 000000000000..2052a9ead300
--- /dev/null
+++ b/fips140/crypto/dh.c
@@ -0,0 +1 @@
+../../crypto/dh.c
\ No newline at end of file
diff --git a/fips140/crypto/dh_helper.c b/fips140/crypto/dh_helper.c
new file mode 120000
index 000000000000..c14488c38829
--- /dev/null
+++ b/fips140/crypto/dh_helper.c
@@ -0,0 +1 @@
+../../crypto/dh_helper.c
\ No newline at end of file
diff --git a/fips140/crypto/drbg.c b/fips140/crypto/drbg.c
new file mode 120000
index 000000000000..7f59714d2569
--- /dev/null
+++ b/fips140/crypto/drbg.c
@@ -0,0 +1 @@
+../../crypto/drbg.c
\ No newline at end of file
diff --git a/fips140/crypto/ecb.c b/fips140/crypto/ecb.c
new file mode 120000
index 000000000000..3fc2a39f7569
--- /dev/null
+++ b/fips140/crypto/ecb.c
@@ -0,0 +1 @@
+../../crypto/ecb.c
\ No newline at end of file
diff --git a/fips140/crypto/ecc.c b/fips140/crypto/ecc.c
new file mode 120000
index 000000000000..45a59d048f04
--- /dev/null
+++ b/fips140/crypto/ecc.c
@@ -0,0 +1 @@
+../../crypto/ecc.c
\ No newline at end of file
diff --git a/fips140/crypto/ecc_curve_defs.h b/fips140/crypto/ecc_curve_defs.h
new file mode 120000
index 000000000000..7a065529702f
--- /dev/null
+++ b/fips140/crypto/ecc_curve_defs.h
@@ -0,0 +1 @@
+../../crypto/ecc_curve_defs.h
\ No newline at end of file
diff --git a/fips140/crypto/ecdh.c b/fips140/crypto/ecdh.c
new file mode 120000
index 000000000000..c82cae9a6272
--- /dev/null
+++ b/fips140/crypto/ecdh.c
@@ -0,0 +1 @@
+../../crypto/ecdh.c
\ No newline at end of file
diff --git a/fips140/crypto/ecdh_helper.c b/fips140/crypto/ecdh_helper.c
new file mode 120000
index 000000000000..a37954e0aa04
--- /dev/null
+++ b/fips140/crypto/ecdh_helper.c
@@ -0,0 +1 @@
+../../crypto/ecdh_helper.c
\ No newline at end of file
diff --git a/fips140/crypto/ecdsa-p1363.c b/fips140/crypto/ecdsa-p1363.c
new file mode 120000
index 000000000000..5795bc88ebaf
--- /dev/null
+++ b/fips140/crypto/ecdsa-p1363.c
@@ -0,0 +1 @@
+../../crypto/ecdsa-p1363.c
\ No newline at end of file
diff --git a/fips140/crypto/ecdsa-x962.c b/fips140/crypto/ecdsa-x962.c
new file mode 120000
index 000000000000..e0cf7c741683
--- /dev/null
+++ b/fips140/crypto/ecdsa-x962.c
@@ -0,0 +1 @@
+../../crypto/ecdsa-x962.c
\ No newline at end of file
diff --git a/fips140/crypto/ecdsa.c b/fips140/crypto/ecdsa.c
new file mode 120000
index 000000000000..b9bf37d37397
--- /dev/null
+++ b/fips140/crypto/ecdsa.c
@@ -0,0 +1 @@
+../../crypto/ecdsa.c
\ No newline at end of file
diff --git a/fips140/crypto/ecdsasignature.asn1 b/fips140/crypto/ecdsasignature.asn1
new file mode 120000
index 000000000000..7fa5850233fc
--- /dev/null
+++ b/fips140/crypto/ecdsasignature.asn1
@@ -0,0 +1 @@
+../../crypto/ecdsasignature.asn1
\ No newline at end of file
diff --git a/fips140/crypto/echainiv.c b/fips140/crypto/echainiv.c
new file mode 120000
index 000000000000..fee662c9a8d0
--- /dev/null
+++ b/fips140/crypto/echainiv.c
@@ -0,0 +1 @@
+../../crypto/echainiv.c
\ No newline at end of file
diff --git a/fips140/crypto/essiv.c b/fips140/crypto/essiv.c
new file mode 120000
index 000000000000..6554857abd79
--- /dev/null
+++ b/fips140/crypto/essiv.c
@@ -0,0 +1 @@
+../../crypto/essiv.c
\ No newline at end of file
diff --git a/fips140/crypto/gcm.c b/fips140/crypto/gcm.c
new file mode 120000
index 000000000000..b8ef945a7444
--- /dev/null
+++ b/fips140/crypto/gcm.c
@@ -0,0 +1 @@
+../../crypto/gcm.c
\ No newline at end of file
diff --git a/fips140/crypto/geniv.c b/fips140/crypto/geniv.c
new file mode 120000
index 000000000000..059afe3c124c
--- /dev/null
+++ b/fips140/crypto/geniv.c
@@ -0,0 +1 @@
+../../crypto/geniv.c
\ No newline at end of file
diff --git a/fips140/crypto/ghash-generic.c b/fips140/crypto/ghash-generic.c
new file mode 120000
index 000000000000..ebb7c8aee335
--- /dev/null
+++ b/fips140/crypto/ghash-generic.c
@@ -0,0 +1 @@
+../../crypto/ghash-generic.c
\ No newline at end of file
diff --git a/fips140/crypto/hash.h b/fips140/crypto/hash.h
new file mode 120000
index 000000000000..41ba73037bc9
--- /dev/null
+++ b/fips140/crypto/hash.h
@@ -0,0 +1 @@
+../../crypto/hash.h
\ No newline at end of file
diff --git a/fips140/crypto/hmac.c b/fips140/crypto/hmac.c
new file mode 120000
index 000000000000..162f4c205f1b
--- /dev/null
+++ b/fips140/crypto/hmac.c
@@ -0,0 +1 @@
+../../crypto/hmac.c
\ No newline at end of file
diff --git a/fips140/crypto/internal.h b/fips140/crypto/internal.h
new file mode 120000
index 000000000000..670e77b6a0d6
--- /dev/null
+++ b/fips140/crypto/internal.h
@@ -0,0 +1 @@
+../../crypto/internal.h
\ No newline at end of file
diff --git a/fips140/crypto/jitterentropy-kcapi.c b/fips140/crypto/jitterentropy-kcapi.c
new file mode 120000
index 000000000000..30e13bbd6099
--- /dev/null
+++ b/fips140/crypto/jitterentropy-kcapi.c
@@ -0,0 +1 @@
+../../crypto/jitterentropy-kcapi.c
\ No newline at end of file
diff --git a/fips140/crypto/jitterentropy.c b/fips140/crypto/jitterentropy.c
new file mode 120000
index 000000000000..cb9a117048af
--- /dev/null
+++ b/fips140/crypto/jitterentropy.c
@@ -0,0 +1 @@
+../../crypto/jitterentropy.c
\ No newline at end of file
diff --git a/fips140/crypto/jitterentropy.h b/fips140/crypto/jitterentropy.h
new file mode 120000
index 000000000000..991e4585e6e0
--- /dev/null
+++ b/fips140/crypto/jitterentropy.h
@@ -0,0 +1 @@
+../../crypto/jitterentropy.h
\ No newline at end of file
diff --git a/fips140/crypto/kpp.c b/fips140/crypto/kpp.c
new file mode 120000
index 000000000000..8fbd20de20df
--- /dev/null
+++ b/fips140/crypto/kpp.c
@@ -0,0 +1 @@
+../../crypto/kpp.c
\ No newline at end of file
diff --git a/fips140/crypto/lskcipher.c b/fips140/crypto/lskcipher.c
new file mode 120000
index 000000000000..997c2c0eafb4
--- /dev/null
+++ b/fips140/crypto/lskcipher.c
@@ -0,0 +1 @@
+../../crypto/lskcipher.c
\ No newline at end of file
diff --git a/fips140/crypto/pcrypt.c b/fips140/crypto/pcrypt.c
new file mode 120000
index 000000000000..9ef1ba4b9f66
--- /dev/null
+++ b/fips140/crypto/pcrypt.c
@@ -0,0 +1 @@
+../../crypto/pcrypt.c
\ No newline at end of file
diff --git a/fips140/crypto/proc.c b/fips140/crypto/proc.c
new file mode 120000
index 000000000000..5dfad57a688c
--- /dev/null
+++ b/fips140/crypto/proc.c
@@ -0,0 +1 @@
+../../crypto/proc.c
\ No newline at end of file
diff --git a/fips140/crypto/rng.c b/fips140/crypto/rng.c
new file mode 120000
index 000000000000..2ac107582b56
--- /dev/null
+++ b/fips140/crypto/rng.c
@@ -0,0 +1 @@
+../../crypto/rng.c
\ No newline at end of file
diff --git a/fips140/crypto/rsa-pkcs1pad.c b/fips140/crypto/rsa-pkcs1pad.c
new file mode 120000
index 000000000000..e81ca29bc1c0
--- /dev/null
+++ b/fips140/crypto/rsa-pkcs1pad.c
@@ -0,0 +1 @@
+../../crypto/rsa-pkcs1pad.c
\ No newline at end of file
diff --git a/fips140/crypto/rsa.c b/fips140/crypto/rsa.c
new file mode 120000
index 000000000000..05903a691c9f
--- /dev/null
+++ b/fips140/crypto/rsa.c
@@ -0,0 +1 @@
+../../crypto/rsa.c
\ No newline at end of file
diff --git a/fips140/crypto/rsa_helper.c b/fips140/crypto/rsa_helper.c
new file mode 120000
index 000000000000..ae17e923013c
--- /dev/null
+++ b/fips140/crypto/rsa_helper.c
@@ -0,0 +1 @@
+../../crypto/rsa_helper.c
\ No newline at end of file
diff --git a/fips140/crypto/rsaprivkey.asn1 b/fips140/crypto/rsaprivkey.asn1
new file mode 120000
index 000000000000..c798dadccde5
--- /dev/null
+++ b/fips140/crypto/rsaprivkey.asn1
@@ -0,0 +1 @@
+../../crypto/rsaprivkey.asn1
\ No newline at end of file
diff --git a/fips140/crypto/rsapubkey.asn1 b/fips140/crypto/rsapubkey.asn1
new file mode 120000
index 000000000000..e3bbdd50e4a1
--- /dev/null
+++ b/fips140/crypto/rsapubkey.asn1
@@ -0,0 +1 @@
+../../crypto/rsapubkey.asn1
\ No newline at end of file
diff --git a/fips140/crypto/rsassa-pkcs1.c b/fips140/crypto/rsassa-pkcs1.c
new file mode 120000
index 000000000000..8cb36646c148
--- /dev/null
+++ b/fips140/crypto/rsassa-pkcs1.c
@@ -0,0 +1 @@
+../../crypto/rsassa-pkcs1.c
\ No newline at end of file
diff --git a/fips140/crypto/seqiv.c b/fips140/crypto/seqiv.c
new file mode 120000
index 000000000000..dc7e9c533d2c
--- /dev/null
+++ b/fips140/crypto/seqiv.c
@@ -0,0 +1 @@
+../../crypto/seqiv.c
\ No newline at end of file
diff --git a/fips140/crypto/sha256.c b/fips140/crypto/sha256.c
new file mode 120000
index 000000000000..487d843d4d82
--- /dev/null
+++ b/fips140/crypto/sha256.c
@@ -0,0 +1 @@
+../../crypto/sha256.c
\ No newline at end of file
diff --git a/fips140/crypto/sha3_generic.c b/fips140/crypto/sha3_generic.c
new file mode 120000
index 000000000000..3719d7f58f4a
--- /dev/null
+++ b/fips140/crypto/sha3_generic.c
@@ -0,0 +1 @@
+../../crypto/sha3_generic.c
\ No newline at end of file
diff --git a/fips140/crypto/sha512.c b/fips140/crypto/sha512.c
new file mode 120000
index 000000000000..8639124175e2
--- /dev/null
+++ b/fips140/crypto/sha512.c
@@ -0,0 +1 @@
+../../crypto/sha512.c
\ No newline at end of file
diff --git a/fips140/crypto/shash.c b/fips140/crypto/shash.c
new file mode 120000
index 000000000000..ffb09e16c542
--- /dev/null
+++ b/fips140/crypto/shash.c
@@ -0,0 +1 @@
+../../crypto/shash.c
\ No newline at end of file
diff --git a/fips140/crypto/sig.c b/fips140/crypto/sig.c
new file mode 120000
index 000000000000..742f337b3cd5
--- /dev/null
+++ b/fips140/crypto/sig.c
@@ -0,0 +1 @@
+../../crypto/sig.c
\ No newline at end of file
diff --git a/fips140/crypto/simd.c b/fips140/crypto/simd.c
new file mode 120000
index 000000000000..72398481d19d
--- /dev/null
+++ b/fips140/crypto/simd.c
@@ -0,0 +1 @@
+../../crypto/simd.c
\ No newline at end of file
diff --git a/fips140/crypto/skcipher.c b/fips140/crypto/skcipher.c
new file mode 120000
index 000000000000..225d8cb56748
--- /dev/null
+++ b/fips140/crypto/skcipher.c
@@ -0,0 +1 @@
+../../crypto/skcipher.c
\ No newline at end of file
diff --git a/fips140/crypto/skcipher.h b/fips140/crypto/skcipher.h
new file mode 120000
index 000000000000..d93f94a9127e
--- /dev/null
+++ b/fips140/crypto/skcipher.h
@@ -0,0 +1 @@
+../../crypto/skcipher.h
\ No newline at end of file
diff --git a/fips140/crypto/tcrypt.c b/fips140/crypto/tcrypt.c
new file mode 120000
index 000000000000..5c59dd1d6109
--- /dev/null
+++ b/fips140/crypto/tcrypt.c
@@ -0,0 +1 @@
+../../crypto/tcrypt.c
\ No newline at end of file
diff --git a/fips140/crypto/tcrypt.h b/fips140/crypto/tcrypt.h
new file mode 120000
index 000000000000..d643316fd181
--- /dev/null
+++ b/fips140/crypto/tcrypt.h
@@ -0,0 +1 @@
+../../crypto/tcrypt.h
\ No newline at end of file
diff --git a/fips140/crypto/testmgr.c b/fips140/crypto/testmgr.c
new file mode 120000
index 000000000000..0b105587d3d8
--- /dev/null
+++ b/fips140/crypto/testmgr.c
@@ -0,0 +1 @@
+../../crypto/testmgr.c
\ No newline at end of file
diff --git a/fips140/crypto/testmgr.h b/fips140/crypto/testmgr.h
new file mode 120000
index 000000000000..486e31b584a5
--- /dev/null
+++ b/fips140/crypto/testmgr.h
@@ -0,0 +1 @@
+../../crypto/testmgr.h
\ No newline at end of file
diff --git a/fips140/crypto/xts.c b/fips140/crypto/xts.c
new file mode 120000
index 000000000000..2ee6ce8b2c43
--- /dev/null
+++ b/fips140/crypto/xts.c
@@ -0,0 +1 @@
+../../crypto/xts.c
\ No newline at end of file
diff --git a/fips140/lib/crypto/aes.c b/fips140/lib/crypto/aes.c
new file mode 120000
index 000000000000..752e48faca8f
--- /dev/null
+++ b/fips140/lib/crypto/aes.c
@@ -0,0 +1 @@
+../../../lib/crypto/aes.c
\ No newline at end of file
diff --git a/fips140/lib/crypto/aesgcm.c b/fips140/lib/crypto/aesgcm.c
new file mode 120000
index 000000000000..d36e6b666511
--- /dev/null
+++ b/fips140/lib/crypto/aesgcm.c
@@ -0,0 +1 @@
+../../../lib/crypto/aesgcm.c
\ No newline at end of file
diff --git a/fips140/lib/crypto/gf128mul.c b/fips140/lib/crypto/gf128mul.c
new file mode 120000
index 000000000000..ad4f4a232bb0
--- /dev/null
+++ b/fips140/lib/crypto/gf128mul.c
@@ -0,0 +1 @@
+../../../lib/crypto/gf128mul.c
\ No newline at end of file
diff --git a/fips140/lib/crypto/memneq.c b/fips140/lib/crypto/memneq.c
new file mode 120000
index 000000000000..3c73a12c9f71
--- /dev/null
+++ b/fips140/lib/crypto/memneq.c
@@ -0,0 +1 @@
+../../../lib/crypto/memneq.c
\ No newline at end of file
diff --git a/fips140/lib/crypto/sha256.c b/fips140/lib/crypto/sha256.c
new file mode 120000
index 000000000000..d36c2b0f3b4f
--- /dev/null
+++ b/fips140/lib/crypto/sha256.c
@@ -0,0 +1 @@
+../../../lib/crypto/sha256.c
\ No newline at end of file
diff --git a/fips140/lib/crypto/sha512.c b/fips140/lib/crypto/sha512.c
new file mode 120000
index 000000000000..94712c686209
--- /dev/null
+++ b/fips140/lib/crypto/sha512.c
@@ -0,0 +1 @@
+../../../lib/crypto/sha512.c
\ No newline at end of file
diff --git a/fips140/lib/crypto/utils.c b/fips140/lib/crypto/utils.c
new file mode 120000
index 000000000000..543c49b255de
--- /dev/null
+++ b/fips140/lib/crypto/utils.c
@@ -0,0 +1 @@
+../../../lib/crypto/utils.c
\ No newline at end of file
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 100/104] crypto: fips140: add standalone FIPS 140 module
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (98 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 099/104] crypto: fips140: add symlinks to kernel sources Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 101/104] crypto: fips140: add FIPS 140 module loader Vegard Nossum
` (4 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
This code is partly based on the existing crypto/fips.c code and partly on
the Android FIPS 140 module [1]; __fips_initcalls/run_initcalls() based
loosely on code by Jay Wang <wanjay@amazon.com>.
[1]: https://android.googlesource.com/kernel/common/+/1ca1130ec62d/crypto/fips140-module.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/Kconfig | 16 +--
fips140/Kconfig | 174 +++++++++++++++++++++++++++++++++
fips140/Makefile | 183 ++++++++++++++++++++++++++++++++++
fips140/fips140-glue.c | 216 +++++++++++++++++++++++++++++++++++++++++
fips140/fips140.lds | 9 ++
5 files changed, 583 insertions(+), 15 deletions(-)
create mode 100644 fips140/Kconfig
create mode 100644 fips140/Makefile
create mode 100644 fips140/fips140-glue.c
create mode 100644 fips140/fips140.lds
diff --git a/crypto/Kconfig b/crypto/Kconfig
index a2696ea30bde..f9b2f87ad04b 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -54,21 +54,7 @@ config CRYPTO_FIPS_VERSION
This option provides the ability to override the FIPS Module Version.
By default the KERNELRELEASE value is used.
-config CRYPTO_FIPS140_EXTMOD
- bool "FIPS 140-3 external module"
- depends on CRYPTO_FIPS
- help
- Support loading a prebuilt FIPS 140-3 cryptographic module.
-
-config CRYPTO_FIPS140_HMAC_KEY
- string "FIPS 140-3 external module HMAC key"
- depends on CRYPTO_FIPS140_EXTMOD
- default "Sphinx of black quartz, judge my vow"
- help
- This is the HMAC key used to build and verify the integrity of
- the FIPS module.
-
- Must be at least 14 characters.
+source "fips140/Kconfig"
config CRYPTO_ALGAPI
tristate
diff --git a/fips140/Kconfig b/fips140/Kconfig
new file mode 100644
index 000000000000..188c5f360eab
--- /dev/null
+++ b/fips140/Kconfig
@@ -0,0 +1,174 @@
+# NOTE: the structure of this file mirrors that of crypto/Kconfig
+# and crypto/asymmetric/keys/Kconfig
+
+config CRYPTO_FIPS140_EXTMOD
+ bool "FIPS 140-3 external module"
+ depends on MODULES
+ depends on CRYPTO_FIPS
+ help
+ Support loading a prebuilt FIPS 140-3 cryptographic module.
+
+if CRYPTO_FIPS140_EXTMOD
+
+config CRYPTO_FIPS140_HMAC_KEY
+ string "FIPS 140-3 external module HMAC key"
+ default "Sphinx of black quartz, judge my vow"
+ help
+ This is the HMAC key used to build and verify the integrity of
+ the FIPS module.
+
+ Must be at least 14 characters.
+
+config CRYPTO_FIPS140_PCRYPT
+ bool
+ default CRYPTO_PCRYPT
+
+menu "FIPS 140 external module algorithms"
+ depends on CRYPTO_FIPS140_EXTMOD
+
+#
+# Public-key cryptography
+#
+
+config CRYPTO_FIPS140_RSA
+ bool "RSA (Rivest-Shamir-Adleman)"
+ default CRYPTO_RSA
+
+config CRYPTO_FIPS140_DH
+ bool "DH (Diffie-Hellman)"
+ default CRYPTO_DH
+
+config CRYPTO_FIPS140_ECC
+ bool
+ default CRYPTO_ECC
+
+config CRYPTO_FIPS140_ECDH
+ bool "ECDH (Elliptic Curve Diffie-Hellman)"
+ select CRYPTO_FIPS140_ECC
+ default CRYPTO_ECDH
+
+config CRYPTO_FIPS140_ECDSA
+ bool "ECDSA (Elliptic Curve Digital Signature Algorithm)"
+ default CRYPTO_ECDSA
+
+#
+# Block ciphers
+#
+
+config CRYPTO_FIPS140_AES
+ bool "AES (Advanced Encryption Standard)"
+ default CRYPTO_AES
+
+#
+# Length-preserving ciphers and modes
+#
+
+config CRYPTO_FIPS140_CBC
+ bool "CBC (Cipher Block Chaining)"
+ default CRYPTO_CBC
+
+config CRYPTO_FIPS140_CTR
+ bool "CTR (Counter)"
+ default CRYPTO_CTR
+
+config CRYPTO_FIPS140_ECB
+ bool "ECB (Electronic Codebook)"
+ default CRYPTO_ECB
+
+config CRYPTO_FIPS140_XTS
+ bool "XTS (XOR Encrypt XOR with ciphertext stealing)"
+ default CRYPTO_XTS
+
+#
+# AEAD (authenticated encryption with associated data) ciphers
+#
+
+config CRYPTO_FIPS140_CCM
+ bool "CCM (Counter with Cipher Block Chaining-MAC)"
+ default CRYPTO_CCM
+
+config CRYPTO_FIPS140_GCM
+ bool "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
+ default CRYPTO_GCM
+
+config CRYPTO_FIPS140_GENIV
+ bool
+ default CRYPTO_GENIV
+
+config CRYPTO_FIPS140_SEQIV
+ bool "Sequence Number IV Generator"
+ select CRYPTO_FIPS140_GENIV
+ default CRYPTO_SEQIV
+
+config CRYPTO_FIPS140_ECHAINIV
+ bool "Encrypted Chain IV Generator"
+ select CRYPTO_FIPS140_GENIV
+ default CRYPTO_ECHAINIV
+
+config CRYPTO_FIPS140_ESSIV
+ bool "Encrypted Salt-Sector IV Generator"
+ default CRYPTO_ESSIV
+
+#
+# Hashes, digests, and MACs
+#
+
+config CRYPTO_FIPS140_CMAC
+ bool "CMAC (Cipher-based MAC)"
+ default CRYPTO_CMAC
+
+config CRYPTO_FIPS140_HMAC
+ bool "HMAC (Keyed-Hash MAC)"
+ default CRYPTO_HMAC
+
+config CRYPTO_FIPS140_SHA256
+ bool "SHA-244 and SHA-256"
+ default CRYPTO_SHA256
+
+config CRYPTO_FIPS140_SHA512
+ bool "SHA-384 and SHA-512"
+ default CRYPTO_SHA512
+
+config CRYPTO_FIPS140_SHA3
+ bool "SHA-3"
+ default CRYPTO_SHA3
+
+#
+# Random number generation
+#
+
+config CRYPTO_FIPS140_JITTERENTROPY
+ bool "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
+ select CRYPTO_FIPS140_SHA3
+
+#
+# Asymmetric keys
+#
+
+config FIPS140_ASYMMETRIC_KEY_TYPE
+ bool "Asymmetric (public-key cryptographic) key type"
+ default ASYMMETRIC_KEY_TYPE
+
+if FIPS140_ASYMMETRIC_KEY_TYPE
+
+config FIPS140_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ bool "Asymmetric public-key crypto algorithm subtype"
+ default ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+
+config FIPS140_X509_CERTIFICATE_PARSER
+ bool "X.509 certificate parser"
+ default X509_CERTIFICATE_PARSER
+
+config FIPS140_PKCS8_PRIVATE_KEY_PARSER
+ bool "PKCS#8 private key parser"
+ default PKCS8_PRIVATE_KEY_PARSER
+
+config FIPS140_PKCS7_MESSAGE_PARSER
+ bool "PKCS#7 message parser"
+ default PKCS7_MESSAGE_PARSER
+
+endif
+
+endmenu
+
+endif # if CRYPTO_FIPS140_EXTMOD
diff --git a/fips140/Makefile b/fips140/Makefile
new file mode 100644
index 000000000000..47365f1b3e27
--- /dev/null
+++ b/fips140/Makefile
@@ -0,0 +1,183 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
+# Copyright © 2025, Oracle and/or its affiliates.
+#
+
+#
+# Global options
+#
+
+# make sure both .c and .S files see this
+subdir-ccflags-y += -DFIPS_MODULE=1
+subdir-asflags-y += -DFIPS_MODULE=1
+
+#
+# Glue
+#
+
+fips140-y := fips140-glue.o
+
+#
+# crypto/Makefile
+#
+
+fips140-y += crypto/algapi.o
+fips140-y += crypto/api.o
+fips140-y += crypto/ahash.o
+fips140-y += crypto/cryptd.o
+fips140-y += crypto/shash.o
+fips140-y += crypto/proc.o
+
+# cryptomgr.ko
+fips140-y += crypto/algboss.o crypto/testmgr.o
+
+fips140-$(CONFIG_CRYPTO_FIPS140_SHA3) += crypto/sha3_generic.o
+
+# jitterentropy_rng.ko
+CFLAGS_crypto/jitterentropy.o = -O0
+KASAN_SANITIZE_crypto/jitterentropy.o = n
+UBSAN_SANITIZE_crypto/jitterentropy.o = n
+fips140-$(CONFIG_CRYPTO_FIPS140_JITTERENTROPY) += crypto/jitterentropy.o crypto/jitterentropy-kcapi.o
+
+fips140-$(CONFIG_CRYPTO_FIPS140_SHA512) += crypto/sha512.o
+
+fips140-$(CONFIG_CRYPTO_FIPS140_PCRYPT) += crypto/pcrypt.o
+fips140-y += crypto/ghash-generic.o
+
+# crypto_simd.ko
+fips140-y += crypto/simd.o
+
+fips140-$(CONFIG_CRYPTO_FIPS140_HMAC) += crypto/hmac.o
+fips140-y += crypto/authenc.o
+fips140-y += crypto/authencesn.o
+
+# rsa_generic.ko
+fips140-$(CONFIG_CRYPTO_FIPS140_RSA) += $(addprefix crypto/, \
+ rsapubkey.asn1.o \
+ rsaprivkey.asn1.o \
+ rsa.o \
+ rsa_helper.o \
+ rsa-pkcs1pad.o \
+ rsassa-pkcs1.o \
+)
+
+fips140-$(CONFIG_CRYPTO_FIPS140_SHA256) += crypto/sha256.o
+
+fips140-$(CONFIG_CRYPTO_FIPS140_CMAC) += crypto/cmac.o
+fips140-$(CONFIG_CRYPTO_FIPS140_AES) += crypto/aes_generic.o
+fips140-$(CONFIG_CRYPTO_FIPS140_CBC) += crypto/cbc.o
+fips140-$(CONFIG_CRYPTO_FIPS140_CCM) += crypto/ccm.o
+fips140-$(CONFIG_CRYPTO_FIPS140_ECB) += crypto/ecb.o
+fips140-$(CONFIG_CRYPTO_FIPS140_CTR) += crypto/ctr.o
+fips140-$(CONFIG_CRYPTO_FIPS140_ECC) += crypto/ecc.o
+fips140-y += crypto/drbg.o
+
+fips140-$(CONFIG_CRYPTO_FIPS140_ECDH) += $(addprefix crypto/, \
+ ecdh.o \
+ ecdh_helper.o \
+)
+
+# ecdsa_generic.ko
+$(obj)/crypto/ecdsasignature.asn1.o: $(obj)/crypto/ecdsasignature.asn1.c $(obj)/crypto/ecdsasignature.asn1.h
+$(obj)/crypto/ecdsa.o: $(obj)/crypto/ecdsasignature.asn1.h
+fips140-$(CONFIG_CRYPTO_FIPS140_ECDSA) += $(addprefix crypto/, \
+ ecdsa.o \
+ ecdsa-x962.o \
+ ecdsa-p1363.o \
+ ecdsasignature.asn1.o \
+)
+
+# dh_generic.ko
+fips140-$(CONFIG_CRYPTO_FIPS140_DH) += $(addprefix crypto/, \
+ dh.o \
+ dh_helper.o \
+)
+
+fips140-$(CONFIG_CRYPTO_FIPS140_GCM) += crypto/gcm.o
+fips140-$(CRYPTO_FIPS140_XTS) += crypto/xts.o
+fips140-y += crypto/tcrypt.o
+
+fips140-y += crypto/aead.o
+fips140-y += crypto/kpp.o
+fips140-y += crypto/cipher.o
+fips140-y += crypto/akcipher.o
+fips140-y += crypto/skcipher.o
+fips140-y += crypto/lskcipher.o
+fips140-y += crypto/rng.o
+fips140-y += crypto/sig.o
+fips140-$(CONFIG_CRYPTO_FIPS140_GENIV) += crypto/geniv.o
+fips140-$(CONFIG_CRYPTO_FIPS140_SEQIV) += crypto/seqiv.o
+fips140-$(CONFIG_CRYPTO_FIPS140_ECHAINIV) += crypto/echainiv.o
+fips140-$(CONFIG_CRYPTO_FIPS140_ESSIV) += crypto/essiv.o
+
+#
+# crypto/asymmetric_keys/Makefile
+#
+
+fips140-$(CONFIG_FIPS140_ASYMMETRIC_KEY_TYPE) += \
+ $(addprefix crypto/asymmetric_keys/, \
+ asymmetric_type.o restrict.o signature.o)
+
+fips140-$(CONFIG_FIPS140_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += crypto/asymmetric_keys/public_key.o
+
+$(obj)/crypto/asymmetric_keys/x509_cert_parser.o: \
+ $(addprefix $(obj)/crypto/asymmetric_keys/, \
+ x509.asn1.h x509_akid.asn1.h)
+$(obj)/crypto/asymmetric_keys/x509.asn1.o: \
+ $(addprefix $(obj)/crypto/asymmetric_keys/, \
+ x509.asn1.c x509.asn1.h)
+$(obj)/crypto/asymmetric_keys/x509_akid.asn1.o: \
+ $(addprefix $(obj)/crypto/asymmetric_keys/, \
+ x509_akid.asn1.c x509_akid.asn1.h)
+
+fips140-$(CONFIG_FIPS140_X509_CERTIFICATE_PARSER) += \
+ $(addprefix crypto/asymmetric_keys/, \
+ x509_cert_parser.o \
+ x509_loader.o \
+ x509_akid.asn1.o \
+ x509.asn1.o \
+ x509_public_key.o \
+ )
+
+$(obj)/crypto/asymmetric_keys/pkcs8_parser.o: $(obj)/crypto/asymmetric_keys/pkcs8.asn1.h
+$(obj)/crypto/asymmetric_keys/pkcs8-asn1.o: \
+ $(addprefix $(obj)/crypto/asymmetric_keys/, \
+ pkcs8.asn1.c pkcs8.asn1.h)
+
+fips140-$(CONFIG_FIPS140_PKCS8_PRIVATE_KEY_PARSER) += \
+ $(addprefix crypto/asymmetric_keys/, \
+ pkcs8_parser.o \
+ pkcs8.asn1.o \
+ )
+
+fips140-$(CONFIG_FIPS140_PKCS7_MESSAGE_PARSER) += \
+ $(addprefix crypto/asymmetric_keys/, \
+ pkcs7_parser.o \
+ pkcs7_trust.o \
+ pkcs7_verify.o \
+ pkcs7_key_type.o \
+ pkcs7.asn1.o \
+ )
+
+$(obj)/crypto/asymmetric_keys/pkcs7_parser.o: $(obj)/crypto/asymmetric_keys/pkcs7.asn1.h
+$(obj)/crypto/asymmetric_keys/pkcs7.asn1.o: \
+ $(addprefix $(obj)/crypto/asymmetric_keys/, \
+ pkcs7.asn1.c pkcs7.asn1.h)
+
+#
+# lib/crypto/Makefile
+#
+
+fips140-y += lib/crypto/aes.o
+fips140-y += lib/crypto/aesgcm.o
+fips140-y += lib/crypto/sha256.o
+fips140-y += lib/crypto/sha512.o
+fips140-y += lib/crypto/gf128mul.o
+fips140-y += lib/crypto/memneq.o
+fips140-y += lib/crypto/utils.o
+
+# Use custom linker script to collect initcalls
+LDFLAGS_fips140.o += -T $(src)/fips140.lds
+
+obj-m += fips140.o
diff --git a/fips140/fips140-glue.c b/fips140/fips140-glue.c
new file mode 100644
index 000000000000..69db638c68d1
--- /dev/null
+++ b/fips140/fips140-glue.c
@@ -0,0 +1,216 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * FIPS 140-3 and FIPS 200 support.
+ *
+ * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
+ * Copyright 2021 Google LLC
+ * Copyright (c) 2025, Oracle and/or its affiliates.
+ */
+
+#include <generated/utsrelease.h>
+
+#include <linux/export.h>
+#include <linux/fips.h>
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <linux/sysctl.h>
+
+#include <crypto/api.h>
+#include <crypto/hash.h>
+
+#include "crypto/internal.h"
+
+#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
+#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
+#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
+#else
+#define FIPS_MODULE_VERSION UTS_RELEASE
+#endif
+
+static char fips_name[] = FIPS_MODULE_NAME;
+static char fips_version[] = FIPS_MODULE_VERSION;
+
+/*
+ * FIPS 140-2 prefers the use of HMAC with a public key over a plain hash.
+ */
+static const u8 fips140_integ_hmac_key[] = CONFIG_CRYPTO_FIPS140_HMAC_KEY;
+
+int fips_operational = 0;
+
+static int verify_integrity(void)
+{
+ int err;
+
+ struct crypto_shash *tfm = NULL;
+ SHASH_DESC_ON_STACK(desc, dontcare);
+ u8 digest[SHA256_DIGEST_SIZE];
+
+ /*
+ * Verify integrity
+ */
+
+ tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
+ if (IS_ERR(tfm))
+ panic("FIPS 140: failed to allocate hmac tfm (%ld)\n", PTR_ERR(tfm));
+
+ desc->tfm = tfm;
+ pr_info("FIPS 140: using '%s' for integrity check\n",
+ crypto_shash_driver_name(tfm));
+
+ err = crypto_shash_setkey(tfm, fips140_integ_hmac_key, strlen(fips140_integ_hmac_key));
+ if (err)
+ panic("FIPS 140: crypto_shash_setkey() failed: %d\n", err);
+
+ err = crypto_shash_init(desc);
+ if (err)
+ panic("FIPS 140: crypto_shash_init() failed: %d\n", err);
+
+ /* Compute HMAC over the module's source memory */
+ //err = crypto_shash_update(desc, THIS_MODULE->source_ptr, THIS_MODULE->source_len);
+ err = crypto_shash_update(desc, _binary_fips140_ko_start, _binary_fips140_ko_end - _binary_fips140_ko_start);
+ if (err)
+ panic("FIPS 140: crypto_shash_update() failed: %d\n", err);
+
+ err = crypto_shash_final(desc, digest);
+ if (err)
+ panic("FIPS 140: crypto_shash_final() failed: %d\n", err);
+
+ /* Zeroizing this is important; see the comment below. */
+ shash_desc_zero(desc);
+
+ if (err)
+ panic("FIPS 140: failed to calculate hmac shash (%d)\n", err);
+
+ pr_info("FIPS 140: expected digest: %*phN\n", (int)sizeof(digest), _binary_fips140_hmac_start);
+ pr_info("FIPS 140: computed digest: %*phN\n", (int)sizeof(digest), digest);
+
+ if (memcmp(digest, _binary_fips140_hmac_start, sizeof(digest)))
+ panic("FIPS 140: failed integrity check\n");
+
+ /*
+ * FIPS 140-3 requires that all "temporary value(s) generated during the
+ * integrity test" be zeroized (ref: FIPS 140-3 IG 9.7.B). There is no
+ * technical reason to do this given that these values are public
+ * information, but this is the requirement so we follow it.
+ */
+ crypto_free_shash(tfm);
+ memzero_explicit(digest, sizeof(digest));
+
+ return 0;
+}
+
+/* This technically is never supposed to change. */
+static int fips_standalone = 1;
+
+static struct ctl_table crypto_sysctl_table[] = {
+ {
+ .procname = "fips_enabled",
+ /*
+ * Note: we use fips_operational instead of fips_enabled,
+ * since fips_enabled is more like "FIPS was requested",
+ * and is nonzero before self testing and integrity testing
+ * has finished. However, the difference is theoretical
+ * since this file will not even be created until the
+ * testing has completed.
+ */
+ .data = &fips_operational,
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "fips_name",
+ .data = &fips_name,
+ .maxlen = sizeof(fips_name),
+ .mode = 0444,
+ .proc_handler = proc_dostring,
+ },
+ {
+ .procname = "fips_version",
+ .data = &fips_version,
+ .maxlen = sizeof(fips_version),
+ .mode = 0444,
+ .proc_handler = proc_dostring,
+ },
+ /*
+ * Helper file for dracut that always returns "1" to indicate
+ * that no userspace help is needed to get the FIPS module
+ * operational.
+ */
+ {
+ .procname = "fips_standalone",
+ .data = &fips_standalone,
+ .maxlen = sizeof(fips_standalone),
+ .mode = 0444,
+ .proc_handler = proc_dointvec,
+ },
+};
+
+static struct ctl_table_header *crypto_sysctls;
+
+static int __init check_nonfips_alg_list(void)
+{
+ extern struct list_head nonfips_crypto_alg_list;
+
+ struct crypto_alg *q;
+ int err = 0;
+
+ list_for_each_entry(q, &nonfips_crypto_alg_list, cra_list) {
+ pr_err("FIPS 140: found registered non-FIPS algorithm %s (%s)\n", q->cra_name, q->cra_driver_name);
+ err = 1;
+ }
+
+ return err;
+}
+
+static int __init run_initcalls(void)
+{
+ extern unsigned long __fips_initcalls_start[];
+ extern unsigned long __fips_initcalls_end[];
+
+ for (unsigned long *initcall = __fips_initcalls_start;
+ initcall != __fips_initcalls_end; ++initcall)
+ {
+ int ret;
+ initcall_t fn;
+
+ fn = (initcall_t) *initcall;
+ pr_info("FIPS 140: calling %pS\n", fn);
+
+ ret = fn();
+ if (!ret || ret == -ENODEV)
+ continue;
+
+ panic("FIPS 140: initcall %pS failed: %d\n", fn, ret);
+ }
+
+ return 0;
+}
+
+static int __init fips140_init(void)
+{
+ pr_info("FIPS 140: %s version %s\n", fips_name, fips_version);
+
+ if (check_nonfips_alg_list())
+ panic("FIPS 140: found registered non-FIPS algorithms\n");
+
+ run_initcalls();
+
+ if (verify_integrity())
+ panic("FIPS 140: integrity check failed\n");
+
+ crypto_sysctls = register_sysctl("crypto", crypto_sysctl_table);
+ if (!crypto_sysctls)
+ panic("FIPS 140: failed to register sysctls");
+
+ fips_operational = 1;
+
+ pr_info("FIPS 140: operational\n");
+ return 0;
+}
+module_init(fips140_init);
+
+MODULE_DESCRIPTION("FIPS 140 Cryptographic Module");
+MODULE_LICENSE("GPL");
diff --git a/fips140/fips140.lds b/fips140/fips140.lds
new file mode 100644
index 000000000000..78ac3fa7a7db
--- /dev/null
+++ b/fips140/fips140.lds
@@ -0,0 +1,9 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+SECTIONS {
+ .init.data : {
+ __fips_initcalls_start = .;
+ *(.fips_initcall)
+ __fips_initcalls_end = .;
+ }
+}
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 101/104] crypto: fips140: add FIPS 140 module loader
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (99 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 100/104] crypto: fips140: add standalone FIPS 140 module Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 102/104] scripts/extract-fips140: new script Vegard Nossum
` (3 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Saeed Mirzamohammadi
Add a mechanism for loading a FIPS module from a byte array compiled
into vmlinux.
fips140-module.o and fips140-digest.o are files generated during the build
of the FIPS cryptographic module; fips140-module.o provides the following
symbols:
- _binary_fips140_ko_start
- _binary_fips140_ko_end
while fips140-digest.o provides the following symbol:
- _binary_fips140_hmac_start
fips140-loader.c then uses the _binary_fips140_ko_start/_end byte array
with load_module_mem() in arch_initcall_sync call to load the
precompiled FIPS 140 module.
This code is partly based on the existing crypto/fips.c code and partly on
the Android FIPS 140 module [1].
[1]: https://android.googlesource.com/kernel/common/+/1ca1130ec62d/crypto/fips140-module.c
Only arm64 and x86-64 are explicitly supported for now.
Co-developed-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
arch/arm64/kernel/vmlinux.lds.S | 1 +
crypto/Makefile | 24 ++++++++
crypto/fips140-loader.c | 96 +++++++++++++++++++++++++++++++
include/asm-generic/vmlinux.lds.h | 37 +++++++++++-
include/linux/fips.h | 17 ++++++
5 files changed, 174 insertions(+), 1 deletion(-)
create mode 100644 crypto/fips140-loader.c
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index ad6133b89e7a..58a99b2de237 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -271,6 +271,7 @@ SECTIONS
INIT_RAM_FS
*(.init.altinstructions .init.bss) /* from the EFI stub */
}
+ FIPS140
.exit.data : {
EXIT_DATA
}
diff --git a/crypto/Makefile b/crypto/Makefile
index 6c5d59369dac..e07e93b189fe 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -7,7 +7,9 @@ obj-$(CONFIG_CRYPTO) += crypto.o
crypto-y := api.o cipher.o
obj-$(CONFIG_CRYPTO_ENGINE) += crypto_engine.o
+ifneq ($(CONFIG_CRYPTO_FIPS140_EXTMOD),y)
obj-$(CONFIG_CRYPTO_FIPS) += fips.o
+endif
crypto_algapi-$(CONFIG_PROC_FS) += proc.o
crypto_algapi-y := algapi.o scatterwalk.o $(crypto_algapi-y)
@@ -211,3 +213,25 @@ obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o
obj-$(CONFIG_CRYPTO_KDF800108_CTR) += kdf_sp800108.o
obj-$(CONFIG_CRYPTO_KRB5) += krb5/
+
+#
+# Loader for standalone FIPS 140 module
+#
+
+obj-$(CONFIG_CRYPTO_FIPS140_EXTMOD) += fips140-loader.o
+
+#
+# Standalone FIPS 140 module
+#
+
+quiet_cmd_ld_bin = LD $@
+ cmd_ld_bin = (cd "$(dir $<)" && \
+ $(LD) -r -b binary -o $(abspath $@) $(notdir $<) && \
+ $(OBJCOPY) --rename-section .data=$(2) $(abspath $@))
+
+$(obj)/fips140-module.o: $(src)/fips140.ko FORCE
+ $(call if_changed,ld_bin,__fips140_module)
+$(obj)/fips140-digest.o: $(src)/fips140.hmac FORCE
+ $(call if_changed,ld_bin,__fips140_digest)
+
+obj-$(CONFIG_CRYPTO_FIPS140_EXTMOD) += fips140-module.o fips140-digest.o fips140-api.o
diff --git a/crypto/fips140-loader.c b/crypto/fips140-loader.c
new file mode 100644
index 000000000000..865d45d46786
--- /dev/null
+++ b/crypto/fips140-loader.c
@@ -0,0 +1,96 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * FIPS 140-3 module loader.
+ *
+ * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
+ * Copyright 2021 Google LLC
+ * Copyright (c) 2025, Oracle and/or its affiliates.
+ */
+
+#include <linux/fips.h>
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/panic.h>
+#include <linux/printk.h>
+#include <linux/string.h>
+
+#include <crypto/api.h>
+#include <crypto/hash.h>
+
+int fips_enabled;
+EXPORT_SYMBOL_GPL(fips_enabled);
+
+ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
+EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
+
+void fips_fail_notify(void)
+{
+ if (fips_enabled)
+ atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
+}
+EXPORT_SYMBOL_GPL(fips_fail_notify);
+
+/* defined in crypto/fips140-{module,digest}.o -OR- vmlinux.lds */
+EXPORT_SYMBOL_GPL(_binary_fips140_ko_start);
+EXPORT_SYMBOL_GPL(_binary_fips140_ko_end);
+EXPORT_SYMBOL_GPL(_binary_fips140_hmac_start);
+
+/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
+static int fips_enable(char *str)
+{
+ fips_enabled = !!simple_strtol(str, NULL, 0);
+ if (!fips_enabled)
+ pr_info("FIPS 140-3 module: disabled\n");
+
+ return 1;
+}
+
+__setup("fips=", fips_enable);
+
+static struct ctl_table crypto_sysctl_table[] = {
+ {
+ .procname = "fips_enabled",
+ .data = &fips_enabled,
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = proc_dointvec,
+ },
+};
+
+static int __init fips_loader_init(void)
+{
+ void *ko_mem;
+ int err;
+ struct ctl_table_header *crypto_sysctls;
+
+ if (!fips_enabled) {
+ /* Add crypto sysctl for nonfips mode */
+ crypto_sysctls = register_sysctl("crypto", crypto_sysctl_table);
+ if (!crypto_sysctls)
+ pr_err("fips 140: failed to register sysctl for nonfips mode");
+
+ return 0;
+ }
+
+ /*
+ * Duplicate the memory as the kernel module loader will
+ * modify it and mess up the integrity check.
+ */
+ ko_mem = kvmemdup(_binary_fips140_ko_start, _binary_fips140_ko_size, GFP_KERNEL);
+ if (!ko_mem) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ err = load_module_mem(ko_mem, _binary_fips140_ko_size);
+ if (err)
+ goto out;
+
+ kvfree(ko_mem);
+
+out:
+ if (err)
+ panic("FIPS 140-3 module: loading error\n");
+ return err;
+}
+arch_initcall_sync(fips_loader_init);
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 1881d9b6b3ae..b4aee570223c 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -454,6 +454,40 @@ defined(CONFIG_AUTOFDO_CLANG) || defined(CONFIG_PROPELLER_CLANG)
#endif
#endif
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+/*
+ * We have an external module; include it and its digest in their own
+ * named sections so they are easy to extract from the vmlinux ELF file
+ * after the kernel has been built.
+ */
+#define FIPS140 \
+ . = ALIGN(PAGE_SIZE); \
+ __fips140_module : AT(ADDR(__fips140_module) - LOAD_OFFSET) { \
+ *(__fips140_module) \
+ } \
+ . = ALIGN(PAGE_SIZE); \
+ __fips140_digest : AT(ADDR(__fips140_digest) - LOAD_OFFSET) { \
+ *(__fips140_digest) \
+ }
+#else
+#ifdef CONFIG_CRYPTO_FIPS140_EXTMOD
+/*
+ * We don't have an external module (yet) but the kernel has been built
+ * with the loader, so this just defines an empty byte array where the
+ * module will go eventually.
+ */
+#define FIPS140 \
+ _binary_fips140_ko_start = .; \
+ _binary_fips140_ko_end = .; \
+ _binary_fips140_hmac_start = .; \
+ _binary_fips140_hmac_end = .;
+#else
+#define FIPS140
+#endif
+#endif
+
+
+
/*
* Read only Data
*/
@@ -1145,7 +1179,8 @@ defined(CONFIG_AUTOFDO_CLANG) || defined(CONFIG_PROPELLER_CLANG)
INIT_CALLS \
CON_INITCALL \
INIT_RAM_FS \
- }
+ } \
+ FIPS140
#define BSS_SECTION(sbss_align, bss_align, stop_align) \
. = ALIGN(sbss_align); \
diff --git a/include/linux/fips.h b/include/linux/fips.h
index c6961e932fef..81560dfc6cef 100644
--- a/include/linux/fips.h
+++ b/include/linux/fips.h
@@ -2,12 +2,29 @@
#ifndef _FIPS_H
#define _FIPS_H
+#include <linux/init.h>
+
+#include <crypto/sha2.h> /* SHA256_DIGEST_SIZE */
+
#ifdef CONFIG_CRYPTO_FIPS
+/*
+ * fips_enabled = FIPS mode was requested on the command line
+ * fips_operational = FIPS module has run self-tests etc. and is operational
+ */
extern int fips_enabled;
+extern int fips_operational;
+
extern struct atomic_notifier_head fips_fail_notif_chain;
void fips_fail_notify(void);
+/* FIPS-certified module blob and digest */
+extern const u8 __initconst _binary_fips140_ko_start[];
+extern const u8 __initconst _binary_fips140_ko_end[];
+extern const u8 __initconst _binary_fips140_hmac_start[SHA256_DIGEST_SIZE];
+
+#define _binary_fips140_ko_size (_binary_fips140_ko_end - _binary_fips140_ko_start)
+
#else
#define fips_enabled 0
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 102/104] scripts/extract-fips140: new script
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (100 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 101/104] crypto: fips140: add FIPS 140 module loader Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 103/104] Documentation/crypto: add fips140.rst Vegard Nossum
` (2 subsequent siblings)
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
Add a new script to extract a precompiled FIPS 140 module (.ko), its
authenticated digest (.hmac), and optionally also the .a of modules, from
a vmlinuz file.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
| 53 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100755 scripts/extract-fips140
--git a/scripts/extract-fips140 b/scripts/extract-fips140
new file mode 100755
index 000000000000..00ec7631fa3c
--- /dev/null
+++ b/scripts/extract-fips140
@@ -0,0 +1,53 @@
+#! /usr/bin/env python3
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Extract FIPS 140 cryptographic module (and hmac) from vmlinuz.
+#
+# Copyright © 2025, Oracle and/or its affiliates.
+#
+
+import argparse
+import os
+import shutil
+import subprocess
+import sys
+import tempfile
+
+extract_vmlinux = os.path.join(os.path.dirname(__file__), 'extract-vmlinux')
+
+parser = argparse.ArgumentParser()
+parser.add_argument('vmlinux')
+
+args = parser.parse_args()
+
+warnings = False
+
+with tempfile.TemporaryDirectory() as tmp_dir:
+ vmlinux_path = os.path.join(tmp_dir, 'vmlinux')
+ with open(vmlinux_path, 'w') as f:
+ subprocess.check_call([extract_vmlinux, args.vmlinux], stdout=f)
+
+ def extract_section(input_path, output_path, section):
+ tmp_output_path = os.path.join(tmp_dir, output_path)
+
+ subprocess.check_call([
+ 'objcopy',
+ '--only-section', section,
+ '--output-target', 'binary',
+ input_path,
+ tmp_output_path,
+ ])
+
+ if os.path.getsize(tmp_output_path) == 0:
+ print(f"warning: failed to extract {output_path}; empty section {section}?", file=sys.stderr)
+ global warnings
+ warnings = True
+ else:
+ shutil.move(tmp_output_path, output_path)
+ print(f"extracted {output_path}")
+
+ extract_section(vmlinux_path, 'fips140.ko', '__fips140_module')
+ extract_section(vmlinux_path, 'fips140.hmac', '__fips140_digest')
+
+if warnings:
+ sys.exit(1)
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 103/104] Documentation/crypto: add fips140.rst
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (101 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 102/104] scripts/extract-fips140: new script Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-04 22:14 ` Randy Dunlap
2025-09-04 15:52 ` [PATCH RFC 104/104] MAINTAINERS: add myself as FIPS140 standalone module maintainer Vegard Nossum
2025-09-11 5:53 ` [RFC] crypto: support for a standalone FIPS 140 module Herbert Xu
104 siblings, 1 reply; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum,
Jonathan Corbet, linux-doc
Add documentation for the FIPS140 standalone module.
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
Documentation/crypto/fips140.rst | 231 +++++++++++++++++++++++++++++++
Documentation/crypto/index.rst | 1 +
2 files changed, 232 insertions(+)
create mode 100644 Documentation/crypto/fips140.rst
diff --git a/Documentation/crypto/fips140.rst b/Documentation/crypto/fips140.rst
new file mode 100644
index 000000000000..14a7fb7a69ed
--- /dev/null
+++ b/Documentation/crypto/fips140.rst
@@ -0,0 +1,231 @@
+=========================
+FIPS140 standalone module
+=========================
+
+:Author: Vegard Nossum <vegard.nossum@oracle.com>
+
+
+Target audience
+===============
+
+This document is primarily meant for Linux distribution developers and
+maintainers. It may also be interesting for kernel developers
+contributing to the kernel's crypto code as it explains some of the
+concepts and rationale behind the architecture of the crypto code and
+how FIPS support is implemented.
+
+
+Introduction
+============
+
+FIPS 140-3 is a Federal Information Protection Standard, "Security
+Requirements for Cryptographic Modules", maintained by the US National
+Institute of Standards and Technology (NIST). [#fips140]_
+
+Binary implementation of specific approved cryptographic algorithms
+can be certified as part of the Cryptographic Module Validation
+Program (CMVP). In practice, the certification process includes both
+source and binary code, though the end result is a certification
+attached to the binary code.
+
+Having FIPS 140-3 certification is a requirement for running in many
+secure contexts -- many Linux distros certify their kernels in order
+to satisfy these requirements.
+
+Many distros have certified the entire kernel as a "FIPS module" (not
+to be confused with kernel modules). Unfortunately, this means that
+one cannot change any part of the kernel without invalidating the
+certification. Moreover, certification is a costly process that can
+last up to or even more than 12 months.
+
+The FIPS 140 standalone module (AKA ``fips140.ko``) fixes this situation
+by allowing one to build the kernel's crypto code once and reuse it in
+subsequent builds, thus enabling the rest of the kernel to receive bug
+fixes and updates without invalidating the certification of the FIPS
+module.
+
+
+Design
+======
+
+Requirements:
+
+- the FIPS module must not impose a stable internal kernel API on
+ mainline or stable kernels
+- the FIPS module must be a single, contiguous binary file and its HMAC
+ (for easy verification)
+- all crypto algorithms and code must reside within the FIPS module
+- no crypto code in the FIPS module can be used before the FIPS module
+ has executed its self-tests
+- the FIPS module only comes into play when the kernel is booted with
+ ``fips=1``
+- source code should be shared between the kernel and the FIPS module
+ where possible
+
+In order to satisfy these requirements, we have settled on a design
+where the FIPS module duplicates the crypto API and all the algorithm
+implementations that are part of the FIPS module. To avoid source code
+duplication, we use symlinks from ``fips140/`` to the rest of the kernel
+tree and build this directory as an external module -- in other words,
+all the code and algorithms is built twice; once as part of vmlinux
+and/or regular (non-FIPS) kernel modules, and once as part of
+``fips140.ko``.
+
+To allow hot-swapping the crypto code (API + algorithms) at runtime
+(i.e. when ``fips=1`` is detected during boot), we wrap any exported
+symbols in C macros. These macros use static calls (see [#static_call]_)
+to patch any and all users of the crypto code to call the FIPS module's
+version of these functions instead of the functions in vmlinux.
+
+``fips140.ko`` is not really an ordinary kernel module -- it is not
+meant to be loaded with ``modprobe`` or ``insmod``; instead, it is
+embedded into the ``vmlinux`` image at build time. This avoid any
+chicken-and-egg issues around how to verify cryptographic signatures
+without using unverified crypto code. ``fips140.ko`` is loaded during
+early boot -- before any crypto code is used by the kernel.
+
+The code for the FIPS 140 standalone module is therefore split into
+two parts: the module itself (``fips140.ko``) and the loader
+(``crypto/fips140-loader.c``). The loader is **NOT** part of the module
+itself and is not covered by the certification; however, it is
+essentially just a wrapper around the kernel module loader that runs
+during early boot.
+
+We provide no explicit mechanisms to ensure compatibility between a
+precompiled FIPS module and the rest of the kernel; this is the
+responsibility of distros that choose to use the standalone FIPS module.
+
+
+Building
+========
+
+First off, ensure that ``CONFIG_CRYPTO_FIPS140_EXTMOD`` is enabled.
+
+Prepare for building out-of-tree module::
+
+ make modules_prepare
+
+Build fips140.ko as an out-of-tree module::
+
+ make M=fips140/ KBUILD_MODPOST_WARN=1
+ cp fips140/fips140.ko crypto/
+
+Generate fips140.hmac::
+
+ hmac_key=$(awk -F'"' '/^CONFIG_CRYPTO_FIPS140_HMAC_KEY=/{print $2}' .config)
+ openssl dgst -sha256 -hmac $hmac_key -binary -out crypto/fips140.hmac crypto/fips140.ko
+
+Build the rest of the kernel::
+
+ make
+
+
+Adopting a standaline FIPS module for your distro
+=================================================
+
+1. Carefully select which algorithms you want your FIPS module to
+ provide (``CONFIG_FIPS140_*`` and ``CONFIG_CRYPTO_FIPS140_*``
+ options)
+
+2. Integrate building ``fips140/`` as an out-of-tree module with the
+ build system used by your distro's package manager.
+
+ - You may want to strip and separate out debuginfo before copying
+ ``fips140.ko`` into ``crypto/``.
+ - You need a mechanism to save and reintroduce the precompiled
+ ``fips140.ko`` between builds.
+ - All of this "build support" infrastructure is out of scope for
+ mainline.
+
+3. Verify that the FIPS module satisfies your specific operational
+ requirements.
+
+4. Submit the FIPS module to the certifying lab.
+
+.. warning::
+ Mainline developers cannot and will not assist in getting a specific
+ FIPS module certified. The code provided in the mainline source tree
+ is intended to make certification of standalone FIPS modules easier,
+ but we do not guarantee that a build will be certifiable as-is out of
+ the box. Moreover, different distributions have different use cases,
+ different requirements, etc. and all of this influences the specifics
+ of any given FIPS module. Mainline developers will not be responsible
+ for the certification or certifiability of your FIPS module.
+
+
+Useful commands
+===============
+
+
+Extracting ``fips140.ko`` from ``vmlinux``
+------------------------------------------
+
+To extract ``fips140.ko`` and ``fips140.hmac`` from an existing
+``vmlinux`` build, use::
+
+ $ scripts/extract-fips140 /path/to/vmlinux
+ extracted fips140.ko
+ extracted fips140.hmac
+
+
+Verifying the ``fips140.ko`` HMAC digest
+----------------------------------------
+
+To verify the HMAC digest of ``fips140.ko``, use::
+
+ $ key="Sphinx of black quartz, judge my vow"
+ $ openssl dgst -sha256 -hmac "$key" -binary fips140.ko > fips140.hmac-computed
+ $ cmp -s fips140.hmac fips140.hmac-computed && echo ok
+ ok
+
+
+List the symbols used by ``fips140.ko``
+---------------------------------------
+
+To list the kernel symbols used by ``fips140.ko`` (useful for checking
+whether all the necessary crypto functions have been included in the
+module), use::
+
+ $ nm --undefined-only fips140.ko
+
+
+Quick crypto verification using AF_ALG
+--------------------------------------
+
+Testing whether the code works properly is fairly easy using Python
+and the ``AF_ALG`` interface, e.g.::
+
+ import socket
+
+ ALG_SET_KEY = 1
+
+ s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
+ s.bind(('hash', 'hmac(sha256)'))
+ s.setsockopt(socket.SOL_ALG, ALG_SET_KEY, b'x' * 16)
+
+ op, _ = s.accept()
+ op.sendall(b'x' * 32)
+ print(op.recv(32))
+
+
+Tracing the crypto code
+-----------------------
+
+Testing whether the FIPS module is used correctly can also be done
+using a combination of Python (as above) and ``trace-cmd`` like this::
+
+ $ sudo trace-cmd record -p function_graph -g __sys_bind python hmac.py
+ $ trace-cmd report
+
+
+Contributing
+============
+
+Patches welcome.
+
+
+References
+==========
+
+.. [#fips140] <https://csrc.nist.gov/pubs/fips/140-3/final>
+.. [#static_call] <https://lwn.net/Articles/815908/>
diff --git a/Documentation/crypto/index.rst b/Documentation/crypto/index.rst
index 100b47d049c0..e755ffd08d4f 100644
--- a/Documentation/crypto/index.rst
+++ b/Documentation/crypto/index.rst
@@ -27,3 +27,4 @@ for cryptographic use cases, as well as programming examples.
descore-readme
device_drivers/index
krb5
+ fips140
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* [PATCH RFC 104/104] MAINTAINERS: add myself as FIPS140 standalone module maintainer
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (102 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 103/104] Documentation/crypto: add fips140.rst Vegard Nossum
@ 2025-09-04 15:52 ` Vegard Nossum
2025-09-11 5:53 ` [RFC] crypto: support for a standalone FIPS 140 module Herbert Xu
104 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 15:52 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
As a gesture of accepting responsibility for the FIPS140 code, add
myself to MAINTAINERS. This is not meant to override or supersede
crypto maintainers and in fact I'd expect any FIPS140-related patches
to still go through the crypto tree(s). I encourage others with an
interest in the long term maintenance of the FIPS140 code to add
themselves to this entry as well.
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
MAINTAINERS | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index daf520a13bdf..655c32f47343 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9467,6 +9467,16 @@ L: linux-can@vger.kernel.org
S: Maintained
F: drivers/net/can/usb/f81604.c
+FIPS 140 STANDALONE MODULE SUPPORT
+M: Vegard Nossum <vegard.nossum@oracle.com>
+L: linux-crypto@vger.kernel.org
+S: Maintained
+F: crypto/fips140*
+F: fips140/
+F: include/crypto/api.h
+F: scripts/extract-fips140
+F: Documentation/crypto/fips140.rst
+
FIREWIRE AUDIO DRIVERS and IEC 61883-1/6 PACKET STREAMING ENGINE
M: Clemens Ladisch <clemens@ladisch.de>
M: Takashi Sakamoto <o-takashi@sakamocchi.jp>
--
2.39.3
^ permalink raw reply related [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API
2025-09-04 15:50 ` [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API Vegard Nossum
@ 2025-09-04 20:22 ` Linus Torvalds
2025-09-04 20:37 ` Eric Biggers
0 siblings, 1 reply; 115+ messages in thread
From: Linus Torvalds @ 2025-09-04 20:22 UTC (permalink / raw)
To: Vegard Nossum
Cc: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez, Ard Biesheuvel, Eric Biggers,
Jason A . Donenfeld, Greg Kroah-Hartman, Wang, Jay,
Nicolai Stange, Vladis Dronov, Stephan Mueller, Sami Tolvanen,
linux-modules, Vijaykumar Hegde, Sriharsha Yadagudde, Sumit Garg,
Jarkko Sakkinen
On Thu, 4 Sept 2025 at 13:05, Vegard Nossum <vegard.nossum@oracle.com> wrote:
>
> However, since commit 9d50a25eeb05c ("crypto: testmgr - desupport SHA-1
> for FIPS 140") when booting with fips=1, the SHA-1 algorithm (or anything
> that uses it, like HMAC-SHA-1) will be unavailable.
>
> security/keys/trusted-keys/trusted_tpm1.c is hard-coded to use SHA-1 and
> will fail with -ENOENT when attempting to initialize the hash instance
> using the crypto API _if_ the hardware is available. This in turn causes
> the entire trusted.ko to fail to load.
Oh Christ.
Can we please just make that trusted_tpm1.c code use the sha1 library
code directly instead of going through the crypto layer to get it?
That would presumably neatly avoid the whole issue.
Eric - I haven't looked at how painful it is to just do conversions
like that - I assume it's a boilerplate thing and trivial to do if
you've one one. Please?
Linus
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API
2025-09-04 20:22 ` Linus Torvalds
@ 2025-09-04 20:37 ` Eric Biggers
0 siblings, 0 replies; 115+ messages in thread
From: Eric Biggers @ 2025-09-04 20:37 UTC (permalink / raw)
To: Linus Torvalds
Cc: Vegard Nossum, Herbert Xu, David S. Miller, linux-crypto,
Luis Chamberlain, Petr Pavlu, Daniel Gomez, Ard Biesheuvel,
Jason A . Donenfeld, Greg Kroah-Hartman, Wang, Jay,
Nicolai Stange, Vladis Dronov, Stephan Mueller, Sami Tolvanen,
linux-modules, Vijaykumar Hegde, Sriharsha Yadagudde, Sumit Garg,
Jarkko Sakkinen
On Thu, Sep 04, 2025 at 01:22:32PM -0700, Linus Torvalds wrote:
> On Thu, 4 Sept 2025 at 13:05, Vegard Nossum <vegard.nossum@oracle.com> wrote:
> >
> > However, since commit 9d50a25eeb05c ("crypto: testmgr - desupport SHA-1
> > for FIPS 140") when booting with fips=1, the SHA-1 algorithm (or anything
> > that uses it, like HMAC-SHA-1) will be unavailable.
> >
> > security/keys/trusted-keys/trusted_tpm1.c is hard-coded to use SHA-1 and
> > will fail with -ENOENT when attempting to initialize the hash instance
> > using the crypto API _if_ the hardware is available. This in turn causes
> > the entire trusted.ko to fail to load.
>
> Oh Christ.
>
> Can we please just make that trusted_tpm1.c code use the sha1 library
> code directly instead of going through the crypto layer to get it?
> That would presumably neatly avoid the whole issue.
>
> Eric - I haven't looked at how painful it is to just do conversions
> like that - I assume it's a boilerplate thing and trivial to do if
> you've one one. Please?
I already got to this one:
https://lore.kernel.org/r/20250809171941.5497-3-ebiggers@kernel.org/
And yes, as usual it's much simpler:
2 files changed, 36 insertions(+), 190 deletions(-)
(And faster too, since the library APIs have much less overhead.)
Jarkko is taking it for 6.18, I believe.
- Eric
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c to using crypto API wrappers
2025-09-04 15:50 ` [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c " Vegard Nossum
@ 2025-09-04 21:29 ` Eric Biggers
0 siblings, 0 replies; 115+ messages in thread
From: Eric Biggers @ 2025-09-04 21:29 UTC (permalink / raw)
To: Vegard Nossum
Cc: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez, Ard Biesheuvel, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules
On Thu, Sep 04, 2025 at 05:50:58PM +0200, Vegard Nossum wrote:
> /**
> * sha256() - Compute SHA-256 message digest in one shot
> @@ -373,7 +392,9 @@ void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
> *
> * Context: Any context.
> */
> -void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]);
> +DECLARE_CRYPTO_API(sha256, void,
> + (const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]),
> + (data, len, out));
This makes all these function declarations awfully hard to read... If
fips140.ko is really going to be supported at all, perhaps it would make
more sense for the override to happen in the function implementations?
E.g. the first line of the sha256() function implementation would be
FIPS_CALL(sha256, data, len, out) or similar, and that would either do
nothing, or call the sha256() from fips140.ko and return.
I think that would be *slightly* less invasive. Though of course it
doesn't get around the problem that the fips140.ko override support
still has to be handled individually for every function...
- Eric
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c
2025-09-04 15:52 ` [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c Vegard Nossum
@ 2025-09-04 21:35 ` Eric Biggers
2025-09-04 22:20 ` Vegard Nossum
0 siblings, 1 reply; 115+ messages in thread
From: Eric Biggers @ 2025-09-04 21:35 UTC (permalink / raw)
To: Vegard Nossum
Cc: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez, Ard Biesheuvel, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules
On Thu, Sep 04, 2025 at 05:52:09PM +0200, Vegard Nossum wrote:
> Don't build arch-specific SHA256 code yet when building the FIPS 140
> standalone module.
I'm afraid you can't just not support the architecture-optimized crypto
code. It's usually much faster than the generic C code (often more than
an order of magnitude faster), and it's really important to include.
This applies to all algorithms.
- Eric
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 103/104] Documentation/crypto: add fips140.rst
2025-09-04 15:52 ` [PATCH RFC 103/104] Documentation/crypto: add fips140.rst Vegard Nossum
@ 2025-09-04 22:14 ` Randy Dunlap
2025-09-04 22:28 ` Vegard Nossum
0 siblings, 1 reply; 115+ messages in thread
From: Randy Dunlap @ 2025-09-04 22:14 UTC (permalink / raw)
To: Vegard Nossum, Herbert Xu, David S. Miller, linux-crypto,
Luis Chamberlain, Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Jonathan Corbet,
linux-doc
On 9/4/25 8:52 AM, Vegard Nossum wrote:
> Add documentation for the FIPS140 standalone module.
>
> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: linux-doc@vger.kernel.org
> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
> ---
> Documentation/crypto/fips140.rst | 231 +++++++++++++++++++++++++++++++
> Documentation/crypto/index.rst | 1 +
> 2 files changed, 232 insertions(+)
> create mode 100644 Documentation/crypto/fips140.rst
>
> diff --git a/Documentation/crypto/fips140.rst b/Documentation/crypto/fips140.rst
> new file mode 100644
> index 000000000000..14a7fb7a69ed
> --- /dev/null
> +++ b/Documentation/crypto/fips140.rst
> @@ -0,0 +1,231 @@
> +=========================
> +FIPS140 standalone module
> +=========================
> +
> +:Author: Vegard Nossum <vegard.nossum@oracle.com>
> +
> +
> +Target audience
> +===============
> +
> +This document is primarily meant for Linux distribution developers and
> +maintainers. It may also be interesting for kernel developers
> +contributing to the kernel's crypto code as it explains some of the
> +concepts and rationale behind the architecture of the crypto code and
> +how FIPS support is implemented.
> +
> +
> +Introduction
> +============
> +
> +FIPS 140-3 is a Federal Information Protection Standard, "Security
> +Requirements for Cryptographic Modules", maintained by the US National
> +Institute of Standards and Technology (NIST). [#fips140]_
> +
> +Binary implementation of specific approved cryptographic algorithms
> +can be certified as part of the Cryptographic Module Validation
> +Program (CMVP). In practice, the certification process includes both
> +source and binary code, though the end result is a certification
> +attached to the binary code.
> +
> +Having FIPS 140-3 certification is a requirement for running in many
> +secure contexts -- many Linux distros certify their kernels in order
> +to satisfy these requirements.
> +
> +Many distros have certified the entire kernel as a "FIPS module" (not
> +to be confused with kernel modules). Unfortunately, this means that
> +one cannot change any part of the kernel without invalidating the
> +certification. Moreover, certification is a costly process that can
> +last up to or even more than 12 months.
> +
> +The FIPS 140 standalone module (AKA ``fips140.ko``) fixes this situation
> +by allowing one to build the kernel's crypto code once and reuse it in
> +subsequent builds, thus enabling the rest of the kernel to receive bug
> +fixes and updates without invalidating the certification of the FIPS
> +module.
> +
> +
> +Design
> +======
> +
> +Requirements:
> +
> +- the FIPS module must not impose a stable internal kernel API on
> + mainline or stable kernels
> +- the FIPS module must be a single, contiguous binary file and its HMAC
> + (for easy verification)
> +- all crypto algorithms and code must reside within the FIPS module
> +- no crypto code in the FIPS module can be used before the FIPS module
> + has executed its self-tests
> +- the FIPS module only comes into play when the kernel is booted with
> + ``fips=1``
> +- source code should be shared between the kernel and the FIPS module
> + where possible
> +
> +In order to satisfy these requirements, we have settled on a design
> +where the FIPS module duplicates the crypto API and all the algorithm
> +implementations that are part of the FIPS module. To avoid source code
> +duplication, we use symlinks from ``fips140/`` to the rest of the kernel
> +tree and build this directory as an external module -- in other words,
> +all the code and algorithms is built twice; once as part of vmlinux
> +and/or regular (non-FIPS) kernel modules, and once as part of
> +``fips140.ko``.
> +
> +To allow hot-swapping the crypto code (API + algorithms) at runtime
> +(i.e. when ``fips=1`` is detected during boot), we wrap any exported
> +symbols in C macros. These macros use static calls (see [#static_call]_)
> +to patch any and all users of the crypto code to call the FIPS module's
> +version of these functions instead of the functions in vmlinux.
> +
> +``fips140.ko`` is not really an ordinary kernel module -- it is not
> +meant to be loaded with ``modprobe`` or ``insmod``; instead, it is
> +embedded into the ``vmlinux`` image at build time. This avoid any
> +chicken-and-egg issues around how to verify cryptographic signatures
> +without using unverified crypto code. ``fips140.ko`` is loaded during
> +early boot -- before any crypto code is used by the kernel.
Hm, I was going to look at how that is done, but I cannot find any
downloadable fips140 source code. Is it available for free download
somewhere?
Is it GPL-v2 licensed?
> +
> +The code for the FIPS 140 standalone module is therefore split into
> +two parts: the module itself (``fips140.ko``) and the loader
> +(``crypto/fips140-loader.c``). The loader is **NOT** part of the module
> +itself and is not covered by the certification; however, it is
> +essentially just a wrapper around the kernel module loader that runs
> +during early boot.
> +
> +We provide no explicit mechanisms to ensure compatibility between a
> +precompiled FIPS module and the rest of the kernel; this is the
> +responsibility of distros that choose to use the standalone FIPS module.
> +
> +
> +Building
> +========
> +
> +First off, ensure that ``CONFIG_CRYPTO_FIPS140_EXTMOD`` is enabled.
> +
> +Prepare for building out-of-tree module::
> +
> + make modules_prepare
> +
> +Build fips140.ko as an out-of-tree module::
> +
> + make M=fips140/ KBUILD_MODPOST_WARN=1
> + cp fips140/fips140.ko crypto/
> +
> +Generate fips140.hmac::
> +
> + hmac_key=$(awk -F'"' '/^CONFIG_CRYPTO_FIPS140_HMAC_KEY=/{print $2}' .config)
> + openssl dgst -sha256 -hmac $hmac_key -binary -out crypto/fips140.hmac crypto/fips140.ko
> +
> +Build the rest of the kernel::
> +
> + make
> +
> +
> +Adopting a standaline FIPS module for your distro
> +=================================================
> +
> +1. Carefully select which algorithms you want your FIPS module to
> + provide (``CONFIG_FIPS140_*`` and ``CONFIG_CRYPTO_FIPS140_*``
> + options)
> +
> +2. Integrate building ``fips140/`` as an out-of-tree module with the
> + build system used by your distro's package manager.
> +
> + - You may want to strip and separate out debuginfo before copying
> + ``fips140.ko`` into ``crypto/``.
> + - You need a mechanism to save and reintroduce the precompiled
> + ``fips140.ko`` between builds.
> + - All of this "build support" infrastructure is out of scope for
> + mainline.
> +
> +3. Verify that the FIPS module satisfies your specific operational
> + requirements.
> +
> +4. Submit the FIPS module to the certifying lab.
> +
> +.. warning::
> + Mainline developers cannot and will not assist in getting a specific
> + FIPS module certified. The code provided in the mainline source tree
> + is intended to make certification of standalone FIPS modules easier,
> + but we do not guarantee that a build will be certifiable as-is out of
> + the box. Moreover, different distributions have different use cases,
> + different requirements, etc. and all of this influences the specifics
> + of any given FIPS module. Mainline developers will not be responsible
> + for the certification or certifiability of your FIPS module.
> +
> +
> +Useful commands
> +===============
> +
> +
> +Extracting ``fips140.ko`` from ``vmlinux``
> +------------------------------------------
> +
> +To extract ``fips140.ko`` and ``fips140.hmac`` from an existing
> +``vmlinux`` build, use::
> +
> + $ scripts/extract-fips140 /path/to/vmlinux
> + extracted fips140.ko
> + extracted fips140.hmac
> +
> +
> +Verifying the ``fips140.ko`` HMAC digest
> +----------------------------------------
> +
> +To verify the HMAC digest of ``fips140.ko``, use::
> +
> + $ key="Sphinx of black quartz, judge my vow"
> + $ openssl dgst -sha256 -hmac "$key" -binary fips140.ko > fips140.hmac-computed
> + $ cmp -s fips140.hmac fips140.hmac-computed && echo ok
> + ok
> +
> +
> +List the symbols used by ``fips140.ko``
> +---------------------------------------
> +
> +To list the kernel symbols used by ``fips140.ko`` (useful for checking
> +whether all the necessary crypto functions have been included in the
> +module), use::
> +
> + $ nm --undefined-only fips140.ko
> +
> +
> +Quick crypto verification using AF_ALG
> +--------------------------------------
> +
> +Testing whether the code works properly is fairly easy using Python
> +and the ``AF_ALG`` interface, e.g.::
> +
> + import socket
> +
> + ALG_SET_KEY = 1
> +
> + s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
> + s.bind(('hash', 'hmac(sha256)'))
> + s.setsockopt(socket.SOL_ALG, ALG_SET_KEY, b'x' * 16)
> +
> + op, _ = s.accept()
> + op.sendall(b'x' * 32)
> + print(op.recv(32))
> +
> +
> +Tracing the crypto code
> +-----------------------
> +
> +Testing whether the FIPS module is used correctly can also be done
> +using a combination of Python (as above) and ``trace-cmd`` like this::
> +
> + $ sudo trace-cmd record -p function_graph -g __sys_bind python hmac.py
> + $ trace-cmd report
> +
> +
> +Contributing
> +============
> +
> +Patches welcome.
to what/where?
> +
> +
> +References
> +==========
> +
> +.. [#fips140] <https://csrc.nist.gov/pubs/fips/140-3/final>
> +.. [#static_call] <https://lwn.net/Articles/815908/>
Where are the other 103 patches?
thanks.
--
~Randy
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c
2025-09-04 21:35 ` Eric Biggers
@ 2025-09-04 22:20 ` Vegard Nossum
0 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 22:20 UTC (permalink / raw)
To: Eric Biggers
Cc: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez, Ard Biesheuvel, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules
On 04/09/2025 23:35, Eric Biggers wrote:
> On Thu, Sep 04, 2025 at 05:52:09PM +0200, Vegard Nossum wrote:
>> Don't build arch-specific SHA256 code yet when building the FIPS 140
>> standalone module.
Emphasis on "yet" :-)
> I'm afraid you can't just not support the architecture-optimized crypto
> code. It's usually much faster than the generic C code (often more than
> an order of magnitude faster), and it's really important to include.
> This applies to all algorithms.
We can easily support it with the exact same method as the generic code
and in fact we do this for the 6.12-based Oracle kernel. I noticed that
the architecture-specific crypto has been reworked since 6.12 so I
decided to drop it to keep the patch set a bit smaller; after all, this
still results in something that can be certified.
I think we can start with the x86 and arm64 code (and only the subset
which is NIST approved)? If anybody has a need for anything else, I can
add it to the patch set on an as-needed basis, let me know what you
would like to see there.
(It might be a bit annoying to deal with the CONFIG_ options for the
arch-specific stuff, but I think we can handle it.)
Vegard
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 103/104] Documentation/crypto: add fips140.rst
2025-09-04 22:14 ` Randy Dunlap
@ 2025-09-04 22:28 ` Vegard Nossum
0 siblings, 0 replies; 115+ messages in thread
From: Vegard Nossum @ 2025-09-04 22:28 UTC (permalink / raw)
To: Randy Dunlap, Herbert Xu, David S. Miller, linux-crypto,
Luis Chamberlain, Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Jonathan Corbet,
linux-doc
On 05/09/2025 00:14, Randy Dunlap wrote:
> On 9/4/25 8:52 AM, Vegard Nossum wrote:
>> +``fips140.ko`` is not really an ordinary kernel module -- it is not
>> +meant to be loaded with ``modprobe`` or ``insmod``; instead, it is
>> +embedded into the ``vmlinux`` image at build time. This avoid any
>> +chicken-and-egg issues around how to verify cryptographic signatures
>> +without using unverified crypto code. ``fips140.ko`` is loaded during
>> +early boot -- before any crypto code is used by the kernel.
>
> Hm, I was going to look at how that is done, but I cannot find any
> downloadable fips140 source code. Is it available for free download
> somewhere?
>
> Is it GPL-v2 licensed?
Yes, it's the existing kernel crypto code but built as an external/out-
of-tree module.
>> +References
>> +==========
>> +
>> +.. [#fips140] <https://csrc.nist.gov/pubs/fips/140-3/final>
>> +.. [#static_call] <https://lwn.net/Articles/815908/>
>
> Where are the other 103 patches?
Sorry, I guess git-send-email doesn't add everybody from individual
patches to the entire series. Here's the top of the thread with more of
an intro:
https://lore.kernel.org/all/20250904155216.460962-1-vegard.nossum@oracle.com/
Vegard
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 005/104] crypto: hide crypto_default_rng variable
2025-09-04 15:50 ` [PATCH RFC 005/104] crypto: hide crypto_default_rng variable Vegard Nossum
@ 2025-09-11 5:48 ` Herbert Xu
0 siblings, 0 replies; 115+ messages in thread
From: Herbert Xu @ 2025-09-11 5:48 UTC (permalink / raw)
To: Vegard Nossum
Cc: David S. Miller, linux-crypto, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules,
Sriharsha Yadagudde
On Thu, Sep 04, 2025 at 05:50:37PM +0200, Vegard Nossum wrote:
>
> -int crypto_get_default_rng(void)
> +int crypto_get_default_rng(struct crypto_rng **result)
The usual way to do this is
struct crypto_rng *crypto_get_default_rng(void)
and return the error value as an ERR_PTR().
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [RFC] crypto: support for a standalone FIPS 140 module
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
` (103 preceding siblings ...)
2025-09-04 15:52 ` [PATCH RFC 104/104] MAINTAINERS: add myself as FIPS140 standalone module maintainer Vegard Nossum
@ 2025-09-11 5:53 ` Herbert Xu
104 siblings, 0 replies; 115+ messages in thread
From: Herbert Xu @ 2025-09-11 5:53 UTC (permalink / raw)
To: Vegard Nossum
Cc: David S. Miller, linux-crypto, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules
On Thu, Sep 04, 2025 at 05:50:32PM +0200, Vegard Nossum wrote:
> Hi all,
>
> This patch set adds support for building and loading a standalone FIPS
> 140 module. This is mostly useful for distributions that want to certify
> their kernel's crypto code with NIST. Please see
> Documentation/crypto/fips140.rst for more details.
>
> I apologize for the large patch series. I could have squashed
> it down to fewer commits but it would really make it harder to see
> what's going on.
Perhaps we can divide this by layer? The public key crypto sits
on top of the Crypto API, which in turns sits on top of lib/crypto.
So it would seem natural to divide this into three parts. The
code in lib/crypto can be converted without affecting anything on
top of it, and then the Crypto API could be converted.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 115+ messages in thread
* Re: [PATCH RFC 019/104] module: add load_module_mem() helper
2025-09-04 15:50 ` [PATCH RFC 019/104] module: add load_module_mem() helper Vegard Nossum
@ 2025-09-29 9:47 ` Petr Pavlu
0 siblings, 0 replies; 115+ messages in thread
From: Petr Pavlu @ 2025-09-29 9:47 UTC (permalink / raw)
To: Vegard Nossum
Cc: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Daniel Gomez, Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules,
Saeed Mirzamohammadi
On 9/4/25 5:50 PM, Vegard Nossum wrote:
> Add a new helper function, load_module_mem(), which can load a kernel
> module from a byte array in memory.
>
> Also add a new module loader flag, MODULE_INIT_MEM, signalling that a
> module was loaded in this way.
>
> When a module is loaded with load_module_mem(), we do a few things
> differently:
>
> - don't do signature verification
> - ignore vermagic
Why is checking the vermagic skipped?
> - don't taint the kernel
Why is tainting the kernel skipped?
> - keep the initial reference to the module until the caller wants to
> drop it
>
> These changes are necessary for having a bundled (but separately
> compiled) FIPS module.
>
> We may want to let distros carry patches to disable tainting separately
> so this information is not lost in case somebody builds a non-distro
> kernel using a FIPS module compiled for an incompatible version.
>
> Co-developed-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
I realize this is posted as an RFC so I'm not sure if you're looking for
more detailed comments on the implementation at this point. Nonetheless,
some notes are provided below.
> ---
> include/linux/module.h | 2 +
> include/uapi/linux/module.h | 5 ++
> kernel/module/main.c | 99 ++++++++++++++++++++++++++-----------
> 3 files changed, 77 insertions(+), 29 deletions(-)
>
> diff --git a/include/linux/module.h b/include/linux/module.h
> index 3319a5269d28..00d85602fb6a 100644
> --- a/include/linux/module.h
> +++ b/include/linux/module.h
> @@ -586,6 +586,8 @@ struct module {
>
> #ifdef CONFIG_MODULES
>
> +extern int load_module_mem(const char *mem, size_t size);
> +
Nit: The extern keyword is unnecessary here. See
Documentation/process/coding-style.rst, 6.1) Function prototypes.
> /* Get/put a kernel symbol (calls must be symmetric) */
> void *__symbol_get(const char *symbol);
> void *__symbol_get_gpl(const char *symbol);
> diff --git a/include/uapi/linux/module.h b/include/uapi/linux/module.h
> index 03a33ffffcba..5dcd24018be7 100644
> --- a/include/uapi/linux/module.h
> +++ b/include/uapi/linux/module.h
> @@ -7,4 +7,9 @@
> #define MODULE_INIT_IGNORE_VERMAGIC 2
> #define MODULE_INIT_COMPRESSED_FILE 4
>
> +#ifdef __KERNEL__
> +/* Internal flags */
> +#define MODULE_INIT_MEM 30
> +#endif
> +
This looks to be incorrect, 30 is 0b11110. The value should be a flag
with only one bit set.
Additionally, I think referring to this special-type module as MEM is
misleading as all modules are eventually loaded from the kernel memory.
Perhaps call it MODULE_INIT_EMBEDDED_FILE, which also aligns with
MODULE_INIT_COMPRESSED_FILE?
> #endif /* _UAPI_LINUX_MODULE_H */
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index c66b26184936..12ce4bad29ca 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2572,11 +2572,14 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i
>
> static int check_modinfo(struct module *mod, struct load_info *info, int flags)
> {
> - const char *modmagic = get_modinfo(info, "vermagic");
> + const char *modmagic = NULL;
> int err;
>
> - if (flags & MODULE_INIT_IGNORE_VERMAGIC)
> - modmagic = NULL;
> + if (flags & MODULE_INIT_MEM)
> + return 0;
> +
> + if (!(flags & MODULE_INIT_IGNORE_VERMAGIC))
> + modmagic = get_modinfo(info, "vermagic");
>
> /* This is allowed: modprobe --force will invalidate it. */
> if (!modmagic) {
> @@ -3007,7 +3010,7 @@ module_param(async_probe, bool, 0644);
> * Keep it uninlined to provide a reliable breakpoint target, e.g. for the gdb
> * helper command 'lx-symbols'.
> */
> -static noinline int do_init_module(struct module *mod)
> +static noinline int do_init_module(struct module *mod, int flags)
> {
> int ret = 0;
> struct mod_initfree *freeinit;
> @@ -3071,7 +3074,8 @@ static noinline int do_init_module(struct module *mod)
> mod->mem[MOD_INIT_TEXT].base + mod->mem[MOD_INIT_TEXT].size);
> mutex_lock(&module_mutex);
> /* Drop initial reference. */
> - module_put(mod);
> + if (!(flags & MODULE_INIT_MEM))
> + module_put(mod);
> trim_init_extable(mod);
> #ifdef CONFIG_KALLSYMS
> /* Switch to core kallsyms now init is done: kallsyms may be walking! */
> @@ -3347,31 +3351,17 @@ static int early_mod_check(struct load_info *info, int flags)
> /*
> * Allocate and load the module: note that size of section 0 is always
> * zero, and we rely on this for optional sections.
> + *
> + * NOTE: module signature verification must have been done already.
> */
> -static int load_module(struct load_info *info, const char __user *uargs,
> - int flags)
> +static int _load_module(struct load_info *info, const char __user *uargs,
> + int flags)
> {
> struct module *mod;
> bool module_allocated = false;
> long err = 0;
> char *after_dashes;
>
> - /*
> - * Do the signature check (if any) first. All that
> - * the signature check needs is info->len, it does
> - * not need any of the section info. That can be
> - * set up later. This will minimize the chances
> - * of a corrupt module causing problems before
> - * we even get to the signature check.
> - *
> - * The check will also adjust info->len by stripping
> - * off the sig length at the end of the module, making
> - * checks against info->len more correct.
> - */
> - err = module_sig_check(info, flags);
> - if (err)
> - goto free_copy;
> -
> /*
> * Do basic sanity checks against the ELF header and
> * sections. Cache useful sections and set the
> @@ -3405,7 +3395,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
> * We are tainting your kernel if your module gets into
> * the modules linked list somehow.
> */
> - module_augment_kernel_taints(mod, info);
> + if (!(flags & MODULE_INIT_MEM))
> + module_augment_kernel_taints(mod, info);
>
> /* To avoid stressing percpu allocator, do this once we're unique. */
> err = percpu_modalloc(mod, info);
> @@ -3452,7 +3443,11 @@ static int load_module(struct load_info *info, const char __user *uargs,
> flush_module_icache(mod);
>
> /* Now copy in args */
> - mod->args = strndup_user(uargs, ~0UL >> 1);
> + if ((flags & MODULE_INIT_MEM))
> + mod->args = kstrdup("", GFP_KERNEL);
> + else
> + mod->args = strndup_user(uargs, ~0UL >> 1);
> +
> if (IS_ERR(mod->args)) {
> err = PTR_ERR(mod->args);
> goto free_arch_cleanup;
> @@ -3500,13 +3495,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
> if (codetag_load_module(mod))
> goto sysfs_cleanup;
>
> - /* Get rid of temporary copy. */
> - free_copy(info, flags);
> -
> /* Done! */
> trace_module_load(mod);
>
> - return do_init_module(mod);
> + return do_init_module(mod, flags);
>
> sysfs_cleanup:
> mod_sysfs_teardown(mod);
> @@ -3562,7 +3554,52 @@ static int load_module(struct load_info *info, const char __user *uargs,
> audit_log_kern_module(info->name ? info->name : "?");
> mod_stat_bump_becoming(info, flags);
> }
> + return err;
> +}
> +
> +/*
> + * Load module from kernel memory without signature check.
> + */
> +int load_module_mem(const char *mem, size_t size)
The description and name of this function are not ideal. All module
loads via load_module() are from the kernel memory and skipping the
signature check is not the only different property.
I suggest calling the function load_embedded_module() and improving its
description. Please preferably also use a kernel-doc to describe it as
the function is external.
> +{
> + int err;
> + struct load_info info = { };
> +
> + info.sig_ok = true;
> + info.hdr = (Elf64_Ehdr *) mem;
> + info.len = size;
> +
> + err = _load_module(&info, NULL, MODULE_INIT_MEM);
> + if (0)
> + free_copy(&info, 0);
Remove the dead code.
> +
> + return err;
> +}
> +
> +static int load_module(struct load_info *info, const char __user *uargs,
> + int flags)
> +{
> + int err;
> +
> + /*
> + * Do the signature check (if any) first. All that
> + * the signature check needs is info->len, it does
> + * not need any of the section info. That can be
> + * set up later. This will minimize the chances
> + * of a corrupt module causing problems before
> + * we even get to the signature check.
> + *
> + * The check will also adjust info->len by stripping
> + * off the sig length at the end of the module, making
> + * checks against info->len more correct.
> + */
> + err = module_sig_check(info, flags);
> + if (!err)
> + err = _load_module(info, uargs, flags);
> +
> + /* Get rid of temporary copy. */
> free_copy(info, flags);
> +
> return err;
> }
In the current code, the load_module() function frees the temporary copy
prior to calling the module's init function, which should generally
result in less memory pressure. This behavior looks useful to me to
preserve.
You could keep the current load_module() as is but wrap its
module_sig_check() call with 'if (!info->sig_ok)'. Similarly, the
free_copy() call could be protected by
'if (!(flags & MODULE_INIT_MEM))'.
>
> @@ -3728,6 +3765,10 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags)
>
> pr_debug("finit_module: fd=%d, uargs=%p, flags=%i\n", fd, uargs, flags);
>
> + /*
> + * Deliberately omitting MODULE_INIT_MEM as it is for internal use
> + * only.
> + */
> if (flags & ~(MODULE_INIT_IGNORE_MODVERSIONS
> |MODULE_INIT_IGNORE_VERMAGIC
> |MODULE_INIT_COMPRESSED_FILE))
Nit: I suggest the following to improve the comment flow:
/*
* Check flags validity. Deliberately omit MODULE_INIT_MEM as it is for
* internal use only.
*/
--
Thanks,
Petr
^ permalink raw reply [flat|nested] 115+ messages in thread
end of thread, other threads:[~2025-09-29 9:47 UTC | newest]
Thread overview: 115+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-04 15:50 [RFC] crypto: support for a standalone FIPS 140 module Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 001/104] params: use arch_initcall to initialize params sysfs earlier Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 002/104] Revert "Revert "crypto: shash - avoid comparing pointers to exported functions under CFI"" Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 003/104] crypto/jitterentropy: remove linux/fips.h include Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 004/104] crypto: api - Disallow identical template names Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 005/104] crypto: hide crypto_default_rng variable Vegard Nossum
2025-09-11 5:48 ` Herbert Xu
2025-09-04 15:50 ` [PATCH RFC 006/104] KEYS: trusted: eat -ENOENT from the crypto API Vegard Nossum
2025-09-04 20:22 ` Linus Torvalds
2025-09-04 20:37 ` Eric Biggers
2025-09-04 15:50 ` [PATCH RFC 007/104] testmgr: standardize alg/driver output in logs Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 008/104] arch/x86/boot/string.h: override memmove()/strlen() Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 009/104] certs/system_keyring: export restrict_link_by_builtin_*trusted Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 010/104] crypto/testmgr: make fips_allowed a bit set Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 011/104] crypto/testmgr: mark non-crypto algorithms Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 012/104] crypto/algapi: don't init algapi in fips mode Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 013/104] crypto/algapi.c: disable crypto_check_module_sig() for FIPS module Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 014/104] crypto/testmgr: add helper to alg_test() Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 015/104] crypto: pass struct crypto_alg directly " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 016/104] crypto: alg - add CRYPTO_ALG_FIPS_PROVIDED flag Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 017/104] crypto: testmgr: check that we got the expected alg Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 018/104] crypto: make sure crypto_alg_tested() finds the correct algorithm Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 019/104] module: add load_module_mem() helper Vegard Nossum
2025-09-29 9:47 ` Petr Pavlu
2025-09-04 15:50 ` [PATCH RFC 020/104] module: add a mechanism for pluggable crypto APIs Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 021/104] crypto: fips140: include crypto/api.h in a few places Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 022/104] crypto: fips140: convert lib/crypto/aes.c to using crypto API wrappers Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 023/104] crypto: fips140: convert lib/crypto/aesgcm.c " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 024/104] crypto: fips140: convert lib/crypto/gf128mul.c " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 025/104] crypto: fips140: convert lib/crypto/memneq.c " Vegard Nossum
2025-09-04 15:50 ` [PATCH RFC 026/104] crypto: fips140: convert lib/crypto/sha256.c " Vegard Nossum
2025-09-04 21:29 ` Eric Biggers
2025-09-04 15:50 ` [PATCH RFC 027/104] crypto: fips140: convert lib/crypto/sha512.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 028/104] crypto: fips140: convert lib/crypto/utils.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 029/104] crypto: fips140: convert crypto/aead.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 030/104] crypto: fips140: convert crypto/aes_generic.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 031/104] crypto: fips140: convert crypto/ahash.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 032/104] crypto: fips140: convert crypto/akcipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 033/104] crypto: fips140: convert crypto/algapi.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 034/104] crypto: fips140: convert crypto/algboss.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 035/104] crypto: fips140: convert crypto/api.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 036/104] crypto: fips140: convert crypto/authenc.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 037/104] crypto: fips140: convert crypto/authencesn.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 038/104] crypto: fips140: convert crypto/cbc.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 039/104] crypto: fips140: convert crypto/ccm.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 040/104] crypto: fips140: convert crypto/cipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 041/104] crypto: fips140: convert crypto/cmac.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 042/104] crypto: fips140: convert crypto/cryptd.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 043/104] crypto: fips140: convert crypto/ctr.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 044/104] crypto: fips140: convert crypto/dh.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 045/104] crypto: fips140: convert crypto/dh_helper.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 046/104] crypto: fips140: convert crypto/drbg.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 047/104] crypto: fips140: convert crypto/ecb.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 048/104] crypto: fips140: convert crypto/ecc.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 049/104] crypto: fips140: convert crypto/ecdh.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 050/104] crypto: fips140: convert crypto/ecdh_helper.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 051/104] crypto: fips140: convert crypto/ecdsa.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 052/104] crypto: fips140: convert crypto/echainiv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 053/104] crypto: fips140: convert crypto/essiv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 054/104] crypto: fips140: convert crypto/gcm.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 055/104] crypto: fips140: convert crypto/geniv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 056/104] crypto: fips140: convert crypto/ghash-generic.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 057/104] crypto: fips140: convert crypto/hmac.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 058/104] crypto: fips140: convert crypto/jitterentropy-kcapi.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 059/104] crypto: fips140: convert crypto/kpp.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 060/104] crypto: fips140: convert crypto/lskcipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 061/104] crypto: fips140: convert crypto/pcrypt.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 062/104] crypto: fips140: convert crypto/rng.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 063/104] crypto: fips140: convert crypto/rsa.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 064/104] crypto: fips140: convert crypto/rsa_helper.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 065/104] crypto: fips140: convert crypto/seqiv.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 066/104] crypto: fips140: convert crypto/sha1.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 067/104] crypto: fips140: convert crypto/sha256.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 068/104] crypto: fips140: convert crypto/sha3_generic.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 069/104] crypto: fips140: convert crypto/sha512.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 070/104] crypto: fips140: convert crypto/shash.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 071/104] crypto: fips140: convert crypto/sig.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 072/104] crypto: fips140: convert crypto/simd.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 073/104] crypto: fips140: convert crypto/skcipher.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 074/104] crypto: fips140: convert crypto/tcrypt.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 075/104] crypto: fips140: convert crypto/testmgr.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 076/104] crypto: fips140: convert crypto/xts.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 077/104] crypto: fips140: convert crypto/asymmetric_keys/asymmetric_type.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 078/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_key_type.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 079/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_parser.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 080/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_trust.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 081/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_verify.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 082/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs8_parser.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 083/104] crypto: fips140: convert crypto/asymmetric_keys/public_key.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 084/104] crypto: fips140: convert crypto/asymmetric_keys/selftest.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 085/104] crypto: fips140: convert crypto/asymmetric_keys/signature.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 086/104] crypto: fips140: convert crypto/asymmetric_keys/x509_cert_parser.c " Vegard Nossum
2025-09-04 15:51 ` [PATCH RFC 087/104] crypto: fips140: convert crypto/asymmetric_keys/x509_loader.c " Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 088/104] crypto: fips140: convert crypto/asymmetric_keys/x509_public_key.c " Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 089/104] crypto: fips140: manual fixups for include/keys/asymmetric-type.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 090/104] crypto: fips140: manual fixups for include/crypto/sha2.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 091/104] crypto: fips140: manual fixups for include/crypto/public_key.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 092/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 093/104] crypto: fips140: manual fixups for crypto/internal.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 094/104] crypto: fips140: manual fixups for include/crypto/internal/ecc.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 095/104] crypto: fips140: manual fixups for include/crypto/internal/rsa.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 096/104] crypto: fips140: manual fixups for include/crypto/aes.h Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 097/104] crypto: fips140: manual fixups for lib/crypto/sha256.c Vegard Nossum
2025-09-04 21:35 ` Eric Biggers
2025-09-04 22:20 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 098/104] crypto: fips140: manual fixups for lib/crypto/sha512.c Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 099/104] crypto: fips140: add symlinks to kernel sources Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 100/104] crypto: fips140: add standalone FIPS 140 module Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 101/104] crypto: fips140: add FIPS 140 module loader Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 102/104] scripts/extract-fips140: new script Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 103/104] Documentation/crypto: add fips140.rst Vegard Nossum
2025-09-04 22:14 ` Randy Dunlap
2025-09-04 22:28 ` Vegard Nossum
2025-09-04 15:52 ` [PATCH RFC 104/104] MAINTAINERS: add myself as FIPS140 standalone module maintainer Vegard Nossum
2025-09-11 5:53 ` [RFC] crypto: support for a standalone FIPS 140 module Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).