* [PATCH RFC 063/104] crypto: fips140: convert crypto/rsa.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_RSA --source crypto/rsa.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 6c7734083c98..44eef74ebad8 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -430,8 +430,8 @@ static void __exit rsa_exit(void)
crypto_unregister_akcipher(&rsa);
}
-module_init(rsa_init);
-module_exit(rsa_exit);
+crypto_module_init(rsa_init);
+crypto_module_exit(rsa_exit);
MODULE_ALIAS_CRYPTO("rsa");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("RSA generic algorithm");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 062/104] crypto: fips140: convert crypto/rng.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_RNG2 --source crypto/rng.c --header include/crypto/rng.h include/crypto/internal/rng.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 22 +++++++++++++++++++++
crypto/rng.c | 36 +++++++++++++++++------------------
include/crypto/internal/rng.h | 21 +++++++++++++++-----
include/crypto/rng.h | 18 +++++++++++++-----
4 files changed, 69 insertions(+), 28 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 70b896ef42ff..8810af32dd43 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -466,3 +466,25 @@ DEFINE_CRYPTO_API_STUB(lskcipher_alloc_instance_simple);
#endif
+/*
+ * crypto/rng.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_RNG2)
+
+#include <crypto/rng.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_get_default_rng);
+DEFINE_CRYPTO_API_STUB(crypto_put_default_rng);
+DEFINE_CRYPTO_API_STUB(crypto_alloc_rng);
+DEFINE_CRYPTO_API_STUB(crypto_rng_reset);
+
+#include <crypto/internal/rng.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_rng);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_rng);
+DEFINE_CRYPTO_API_STUB(crypto_register_rngs);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_rngs);
+DEFINE_CRYPTO_API_STUB(crypto_del_default_rng);
+
+#endif
+
diff --git a/crypto/rng.c b/crypto/rng.c
index 2a246e1a0918..66bbb976ac95 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -27,7 +27,7 @@ static DEFINE_MUTEX(crypto_default_rng_lock);
static struct crypto_rng *crypto_default_rng;
static int crypto_default_rng_refcnt;
-int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
+int CRYPTO_API(crypto_rng_reset)(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
{
u8 *buf = NULL;
int err;
@@ -48,7 +48,7 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
kfree_sensitive(buf);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_rng_reset);
+DEFINE_CRYPTO_API(crypto_rng_reset);
static int crypto_rng_init_tfm(struct crypto_tfm *tfm)
{
@@ -100,13 +100,13 @@ static const struct crypto_type crypto_rng_type = {
.algsize = offsetof(struct rng_alg, base),
};
-struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask)
+struct crypto_rng *CRYPTO_API(crypto_alloc_rng)(const char *alg_name, u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_rng_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_rng);
+DEFINE_CRYPTO_API(crypto_alloc_rng);
-int crypto_get_default_rng(struct crypto_rng **result)
+int CRYPTO_API(crypto_get_default_rng)(struct crypto_rng **result)
{
struct crypto_rng *rng;
int err;
@@ -136,19 +136,19 @@ int crypto_get_default_rng(struct crypto_rng **result)
return err;
}
-EXPORT_SYMBOL_GPL(crypto_get_default_rng);
+DEFINE_CRYPTO_API(crypto_get_default_rng);
-void crypto_put_default_rng(struct crypto_rng **rng)
+void CRYPTO_API(crypto_put_default_rng)(struct crypto_rng **rng)
{
mutex_lock(&crypto_default_rng_lock);
*rng = NULL;
crypto_default_rng_refcnt--;
mutex_unlock(&crypto_default_rng_lock);
}
-EXPORT_SYMBOL_GPL(crypto_put_default_rng);
+DEFINE_CRYPTO_API(crypto_put_default_rng);
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
-int crypto_del_default_rng(void)
+int CRYPTO_API(crypto_del_default_rng)(void)
{
int err = -EBUSY;
@@ -166,10 +166,10 @@ int crypto_del_default_rng(void)
return err;
}
-EXPORT_SYMBOL_GPL(crypto_del_default_rng);
+DEFINE_CRYPTO_API(crypto_del_default_rng);
#endif
-int crypto_register_rng(struct rng_alg *alg)
+int CRYPTO_API(crypto_register_rng)(struct rng_alg *alg)
{
struct crypto_alg *base = &alg->base;
@@ -182,15 +182,15 @@ int crypto_register_rng(struct rng_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_rng);
+DEFINE_CRYPTO_API(crypto_register_rng);
-void crypto_unregister_rng(struct rng_alg *alg)
+void CRYPTO_API(crypto_unregister_rng)(struct rng_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_rng);
+DEFINE_CRYPTO_API(crypto_unregister_rng);
-int crypto_register_rngs(struct rng_alg *algs, int count)
+int CRYPTO_API(crypto_register_rngs)(struct rng_alg *algs, int count)
{
int i, ret;
@@ -208,16 +208,16 @@ int crypto_register_rngs(struct rng_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_rngs);
+DEFINE_CRYPTO_API(crypto_register_rngs);
-void crypto_unregister_rngs(struct rng_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_rngs)(struct rng_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_rng(algs + i);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_rngs);
+DEFINE_CRYPTO_API(crypto_unregister_rngs);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Random Number Generator");
diff --git a/include/crypto/internal/rng.h b/include/crypto/internal/rng.h
index e0711b6a597f..e4e4bbffc086 100644
--- a/include/crypto/internal/rng.h
+++ b/include/crypto/internal/rng.h
@@ -9,16 +9,27 @@
#ifndef _CRYPTO_INTERNAL_RNG_H
#define _CRYPTO_INTERNAL_RNG_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <crypto/rng.h>
-int crypto_register_rng(struct rng_alg *alg);
-void crypto_unregister_rng(struct rng_alg *alg);
-int crypto_register_rngs(struct rng_alg *algs, int count);
-void crypto_unregister_rngs(struct rng_alg *algs, int count);
+DECLARE_CRYPTO_API(crypto_register_rng, int,
+ (struct rng_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_rng, void,
+ (struct rng_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_rngs, int,
+ (struct rng_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_rngs, void,
+ (struct rng_alg *algs, int count),
+ (algs, count));
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
-int crypto_del_default_rng(void);
+DECLARE_CRYPTO_API(crypto_del_default_rng, int,
+ (void),
+ ());
#else
static inline int crypto_del_default_rng(void)
{
diff --git a/include/crypto/rng.h b/include/crypto/rng.h
index 816f255adcd3..b7d7ff59d6a5 100644
--- a/include/crypto/rng.h
+++ b/include/crypto/rng.h
@@ -9,6 +9,7 @@
#ifndef _CRYPTO_RNG_H
#define _CRYPTO_RNG_H
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
@@ -57,8 +58,12 @@ struct crypto_rng {
struct crypto_tfm base;
};
-int crypto_get_default_rng(struct crypto_rng **rng);
-void crypto_put_default_rng(struct crypto_rng **rng);
+DECLARE_CRYPTO_API(crypto_get_default_rng, int,
+ (struct crypto_rng **rng),
+ (rng));
+DECLARE_CRYPTO_API(crypto_put_default_rng, void,
+ (struct crypto_rng **rng),
+ (rng));
/**
* DOC: Random number generator API
@@ -87,7 +92,9 @@ void crypto_put_default_rng(struct crypto_rng **rng);
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_rng, struct crypto_rng *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_rng_tfm(struct crypto_rng *tfm)
{
@@ -176,8 +183,9 @@ static inline int crypto_rng_get_bytes(struct crypto_rng *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed,
- unsigned int slen);
+DECLARE_CRYPTO_API(crypto_rng_reset, int,
+ (struct crypto_rng *tfm, const u8 *seed, unsigned int slen),
+ (tfm, seed, slen));
/**
* crypto_rng_seedsize() - obtain seed size of RNG
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 061/104] crypto: fips140: convert crypto/pcrypt.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_PCRYPT --source crypto/pcrypt.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/pcrypt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index c3a9d4f2995c..b9cf7df64c4e 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -378,8 +378,8 @@ static void __exit pcrypt_exit(void)
kset_unregister(pcrypt_kset);
}
-module_init(pcrypt_init);
-module_exit(pcrypt_exit);
+crypto_module_init(pcrypt_init);
+crypto_module_exit(pcrypt_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 060/104] crypto: fips140: convert crypto/lskcipher.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SKCIPHER2 --source crypto/lskcipher.c --header include/crypto/skcipher.h include/crypto/internal/skcipher.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 24 ++++++++++++++++
crypto/lskcipher.c | 44 +++++++++++++++---------------
include/crypto/internal/skcipher.h | 34 +++++++++++++++--------
include/crypto/skcipher.h | 21 ++++++++------
4 files changed, 82 insertions(+), 41 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 9c9f9d57f99d..70b896ef42ff 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -442,3 +442,27 @@ DEFINE_CRYPTO_API_STUB(crypto_grab_kpp);
#endif
+/*
+ * crypto/lskcipher.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SKCIPHER2)
+
+#include <crypto/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_lskcipher_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_lskcipher_encrypt);
+DEFINE_CRYPTO_API_STUB(crypto_lskcipher_decrypt);
+
+#include <crypto/internal/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_grab_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_lskcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_lskciphers);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_lskciphers);
+DEFINE_CRYPTO_API_STUB(lskcipher_register_instance);
+DEFINE_CRYPTO_API_STUB(lskcipher_alloc_instance_simple);
+
+#endif
+
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index c2e2c38b5aa8..147a897ae5ea 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -50,7 +50,7 @@ static int lskcipher_setkey_unaligned(struct crypto_lskcipher *tfm,
return ret;
}
-int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, const u8 *key,
+int CRYPTO_API(crypto_lskcipher_setkey)(struct crypto_lskcipher *tfm, const u8 *key,
unsigned int keylen)
{
unsigned long alignmask = crypto_lskcipher_alignmask(tfm);
@@ -64,7 +64,7 @@ int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, const u8 *key,
else
return cipher->setkey(tfm, key, keylen);
}
-EXPORT_SYMBOL_GPL(crypto_lskcipher_setkey);
+DEFINE_CRYPTO_API(crypto_lskcipher_setkey);
static int crypto_lskcipher_crypt_unaligned(
struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len,
@@ -137,23 +137,23 @@ static int crypto_lskcipher_crypt(struct crypto_lskcipher *tfm, const u8 *src,
return crypt(tfm, src, dst, len, iv, CRYPTO_LSKCIPHER_FLAG_FINAL);
}
-int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src,
+int CRYPTO_API(crypto_lskcipher_encrypt)(struct crypto_lskcipher *tfm, const u8 *src,
u8 *dst, unsigned len, u8 *iv)
{
struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm);
return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->encrypt);
}
-EXPORT_SYMBOL_GPL(crypto_lskcipher_encrypt);
+DEFINE_CRYPTO_API(crypto_lskcipher_encrypt);
-int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src,
+int CRYPTO_API(crypto_lskcipher_decrypt)(struct crypto_lskcipher *tfm, const u8 *src,
u8 *dst, unsigned len, u8 *iv)
{
struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm);
return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->decrypt);
}
-EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt);
+DEFINE_CRYPTO_API(crypto_lskcipher_decrypt);
static int crypto_lskcipher_crypt_sg(struct skcipher_request *req,
int (*crypt)(struct crypto_lskcipher *tfm,
@@ -325,21 +325,21 @@ int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm)
return 0;
}
-int crypto_grab_lskcipher(struct crypto_lskcipher_spawn *spawn,
+int CRYPTO_API(crypto_grab_lskcipher)(struct crypto_lskcipher_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_lskcipher_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_lskcipher);
+DEFINE_CRYPTO_API(crypto_grab_lskcipher);
-struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name,
+struct crypto_lskcipher *CRYPTO_API(crypto_alloc_lskcipher)(const char *alg_name,
u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_lskcipher_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_lskcipher);
+DEFINE_CRYPTO_API(crypto_alloc_lskcipher);
static int lskcipher_prepare_alg(struct lskcipher_alg *alg)
{
@@ -359,7 +359,7 @@ static int lskcipher_prepare_alg(struct lskcipher_alg *alg)
return 0;
}
-int crypto_register_lskcipher(struct lskcipher_alg *alg)
+int CRYPTO_API(crypto_register_lskcipher)(struct lskcipher_alg *alg)
{
struct crypto_alg *base = &alg->co.base;
int err;
@@ -370,15 +370,15 @@ int crypto_register_lskcipher(struct lskcipher_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_lskcipher);
+DEFINE_CRYPTO_API(crypto_register_lskcipher);
-void crypto_unregister_lskcipher(struct lskcipher_alg *alg)
+void CRYPTO_API(crypto_unregister_lskcipher)(struct lskcipher_alg *alg)
{
crypto_unregister_alg(&alg->co.base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_lskcipher);
+DEFINE_CRYPTO_API(crypto_unregister_lskcipher);
-int crypto_register_lskciphers(struct lskcipher_alg *algs, int count)
+int CRYPTO_API(crypto_register_lskciphers)(struct lskcipher_alg *algs, int count)
{
int i, ret;
@@ -396,18 +396,18 @@ int crypto_register_lskciphers(struct lskcipher_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_lskciphers);
+DEFINE_CRYPTO_API(crypto_register_lskciphers);
-void crypto_unregister_lskciphers(struct lskcipher_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_lskciphers)(struct lskcipher_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_lskcipher(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_lskciphers);
+DEFINE_CRYPTO_API(crypto_unregister_lskciphers);
-int lskcipher_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(lskcipher_register_instance)(struct crypto_template *tmpl,
struct lskcipher_instance *inst)
{
int err;
@@ -421,7 +421,7 @@ int lskcipher_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, lskcipher_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(lskcipher_register_instance);
+DEFINE_CRYPTO_API(lskcipher_register_instance);
static int lskcipher_setkey_simple(struct crypto_lskcipher *tfm, const u8 *key,
unsigned int keylen)
@@ -480,7 +480,7 @@ static void lskcipher_free_instance_simple(struct lskcipher_instance *inst)
* Return: a pointer to the new instance, or an ERR_PTR(). The caller still
* needs to register the instance.
*/
-struct lskcipher_instance *lskcipher_alloc_instance_simple(
+struct lskcipher_instance *CRYPTO_API(lskcipher_alloc_instance_simple)(
struct crypto_template *tmpl, struct rtattr **tb)
{
u32 mask;
@@ -590,4 +590,4 @@ struct lskcipher_instance *lskcipher_alloc_instance_simple(
lskcipher_free_instance_simple(inst);
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(lskcipher_alloc_instance_simple);
+DEFINE_CRYPTO_API(lskcipher_alloc_instance_simple);
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h
index d5aa535263f6..69de98e9819a 100644
--- a/include/crypto/internal/skcipher.h
+++ b/include/crypto/internal/skcipher.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_SKCIPHER_H
#define _CRYPTO_INTERNAL_SKCIPHER_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <crypto/internal/cipher.h>
#include <crypto/scatterwalk.h>
@@ -100,9 +101,9 @@ int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask);
-int crypto_grab_lskcipher(struct crypto_lskcipher_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_lskcipher, int,
+ (struct crypto_lskcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline void crypto_drop_skcipher(struct crypto_skcipher_spawn *spawn)
{
@@ -164,12 +165,21 @@ void crypto_unregister_skciphers(struct skcipher_alg *algs, int count);
int skcipher_register_instance(struct crypto_template *tmpl,
struct skcipher_instance *inst);
-int crypto_register_lskcipher(struct lskcipher_alg *alg);
-void crypto_unregister_lskcipher(struct lskcipher_alg *alg);
-int crypto_register_lskciphers(struct lskcipher_alg *algs, int count);
-void crypto_unregister_lskciphers(struct lskcipher_alg *algs, int count);
-int lskcipher_register_instance(struct crypto_template *tmpl,
- struct lskcipher_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_lskcipher, int,
+ (struct lskcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_lskcipher, void,
+ (struct lskcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_lskciphers, int,
+ (struct lskcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_lskciphers, void,
+ (struct lskcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(lskcipher_register_instance, int,
+ (struct crypto_template *tmpl, struct lskcipher_instance *inst),
+ (tmpl, inst));
int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
struct skcipher_request *__restrict req,
@@ -247,8 +257,10 @@ static inline struct crypto_lskcipher *lskcipher_cipher_simple(
return *ctx;
}
-struct lskcipher_instance *lskcipher_alloc_instance_simple(
- struct crypto_template *tmpl, struct rtattr **tb);
+DECLARE_CRYPTO_API(lskcipher_alloc_instance_simple, struct lskcipher_instance *,
+ (
+ struct crypto_template *tmpl, struct rtattr **tb),
+ (tmpl, tb));
static inline struct lskcipher_alg *lskcipher_ialg_simple(
struct lskcipher_instance *inst)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 9e5853464345..8ce770bb1f48 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_SKCIPHER_H
#define _CRYPTO_SKCIPHER_H
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
@@ -297,8 +298,9 @@ struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name,
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_lskcipher, struct crypto_lskcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_skcipher_tfm(
struct crypto_skcipher *tfm)
@@ -636,8 +638,9 @@ static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm,
- const u8 *key, unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_lskcipher_setkey, int,
+ (struct crypto_lskcipher *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
static inline unsigned int crypto_skcipher_min_keysize(
struct crypto_skcipher *tfm)
@@ -761,8 +764,9 @@ int crypto_skcipher_import(struct skcipher_request *req, const void *in);
* then this many bytes have been left unprocessed;
* < 0 if an error occurred
*/
-int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src,
- u8 *dst, unsigned len, u8 *siv);
+DECLARE_CRYPTO_API(crypto_lskcipher_encrypt, int,
+ (struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len, u8 *siv),
+ (tfm, src, dst, len, siv));
/**
* crypto_lskcipher_decrypt() - decrypt ciphertext
@@ -781,8 +785,9 @@ int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src,
* then this many bytes have been left unprocessed;
* < 0 if an error occurred
*/
-int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src,
- u8 *dst, unsigned len, u8 *siv);
+DECLARE_CRYPTO_API(crypto_lskcipher_decrypt, int,
+ (struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len, u8 *siv),
+ (tfm, src, dst, len, siv));
/**
* DOC: Symmetric Key Cipher Request Handle
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 059/104] crypto: fips140: convert crypto/kpp.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_KPP2 --source crypto/kpp.c --header include/crypto/kpp.h include/crypto/internal/kpp.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 19 +++++++++++++++++++
crypto/kpp.c | 24 ++++++++++++------------
include/crypto/internal/kpp.h | 21 ++++++++++++++-------
include/crypto/kpp.h | 9 +++++++--
4 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 09f5818cebe2..9c9f9d57f99d 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -423,3 +423,22 @@ DEFINE_CRYPTO_API_STUB(aead_exit_geniv);
#endif
+/*
+ * crypto/kpp.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_KPP2)
+
+#include <crypto/kpp.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_kpp);
+DEFINE_CRYPTO_API_STUB(crypto_has_kpp);
+
+#include <crypto/internal/kpp.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_kpp);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_kpp);
+DEFINE_CRYPTO_API_STUB(kpp_register_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_kpp);
+
+#endif
+
diff --git a/crypto/kpp.c b/crypto/kpp.c
index 2e0cefe7a25f..7769cfe8bfde 100644
--- a/crypto/kpp.c
+++ b/crypto/kpp.c
@@ -83,26 +83,26 @@ static const struct crypto_type crypto_kpp_type = {
.algsize = offsetof(struct kpp_alg, base),
};
-struct crypto_kpp *crypto_alloc_kpp(const char *alg_name, u32 type, u32 mask)
+struct crypto_kpp *CRYPTO_API(crypto_alloc_kpp)(const char *alg_name, u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_kpp_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_kpp);
+DEFINE_CRYPTO_API(crypto_alloc_kpp);
-int crypto_grab_kpp(struct crypto_kpp_spawn *spawn,
+int CRYPTO_API(crypto_grab_kpp)(struct crypto_kpp_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_kpp_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_kpp);
+DEFINE_CRYPTO_API(crypto_grab_kpp);
-int crypto_has_kpp(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_kpp)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_kpp_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_kpp);
+DEFINE_CRYPTO_API(crypto_has_kpp);
static void kpp_prepare_alg(struct kpp_alg *alg)
{
@@ -113,22 +113,22 @@ static void kpp_prepare_alg(struct kpp_alg *alg)
base->cra_flags |= CRYPTO_ALG_TYPE_KPP;
}
-int crypto_register_kpp(struct kpp_alg *alg)
+int CRYPTO_API(crypto_register_kpp)(struct kpp_alg *alg)
{
struct crypto_alg *base = &alg->base;
kpp_prepare_alg(alg);
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_kpp);
+DEFINE_CRYPTO_API(crypto_register_kpp);
-void crypto_unregister_kpp(struct kpp_alg *alg)
+void CRYPTO_API(crypto_unregister_kpp)(struct kpp_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_kpp);
+DEFINE_CRYPTO_API(crypto_unregister_kpp);
-int kpp_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(kpp_register_instance)(struct crypto_template *tmpl,
struct kpp_instance *inst)
{
if (WARN_ON(!inst->free))
@@ -138,7 +138,7 @@ int kpp_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, kpp_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(kpp_register_instance);
+DEFINE_CRYPTO_API(kpp_register_instance);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Key-agreement Protocol Primitives");
diff --git a/include/crypto/internal/kpp.h b/include/crypto/internal/kpp.h
index 0a6db8c4a9a0..f69e1e311ef4 100644
--- a/include/crypto/internal/kpp.h
+++ b/include/crypto/internal/kpp.h
@@ -7,6 +7,8 @@
*/
#ifndef _CRYPTO_KPP_INT_H
#define _CRYPTO_KPP_INT_H
+
+#include <crypto/api.h>
#include <crypto/kpp.h>
#include <crypto/algapi.h>
@@ -159,7 +161,9 @@ static inline void *kpp_instance_ctx(struct kpp_instance *inst)
*
* Return: zero on success; error code in case of error
*/
-int crypto_register_kpp(struct kpp_alg *alg);
+DECLARE_CRYPTO_API(crypto_register_kpp, int,
+ (struct kpp_alg *alg),
+ (alg));
/**
* crypto_unregister_kpp() -- Unregister key-agreement protocol primitive
@@ -170,7 +174,9 @@ int crypto_register_kpp(struct kpp_alg *alg);
*
* @alg: algorithm definition
*/
-void crypto_unregister_kpp(struct kpp_alg *alg);
+DECLARE_CRYPTO_API(crypto_unregister_kpp, void,
+ (struct kpp_alg *alg),
+ (alg));
/**
* kpp_register_instance() - Register a KPP template instance.
@@ -178,8 +184,9 @@ void crypto_unregister_kpp(struct kpp_alg *alg);
* @inst: The KPP template instance to be registered.
* Return: %0 on success, negative error code otherwise.
*/
-int kpp_register_instance(struct crypto_template *tmpl,
- struct kpp_instance *inst);
+DECLARE_CRYPTO_API(kpp_register_instance, int,
+ (struct crypto_template *tmpl, struct kpp_instance *inst),
+ (tmpl, inst));
/*
* KPP spawn related functions.
@@ -193,9 +200,9 @@ int kpp_register_instance(struct crypto_template *tmpl,
* @mask: The mask bismask to pass on to the lookup.
* Return: %0 on success, a negative error code otherwise.
*/
-int crypto_grab_kpp(struct crypto_kpp_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_kpp, int,
+ (struct crypto_kpp_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
/**
* crypto_drop_kpp() - Release a spawn previously bound via crypto_grab_kpp().
diff --git a/include/crypto/kpp.h b/include/crypto/kpp.h
index 2d9c4de57b69..f4b0af4afdb7 100644
--- a/include/crypto/kpp.h
+++ b/include/crypto/kpp.h
@@ -9,6 +9,7 @@
#ifndef _CRYPTO_KPP_
#define _CRYPTO_KPP_
+#include <crypto/api.h>
#include <linux/atomic.h>
#include <linux/container_of.h>
#include <linux/crypto.h>
@@ -107,9 +108,13 @@ struct kpp_alg {
* Return: allocated handle in case of success; IS_ERR() is true in case of
* an error, PTR_ERR() returns the error code.
*/
-struct crypto_kpp *crypto_alloc_kpp(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_kpp, struct crypto_kpp *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-int crypto_has_kpp(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_kpp, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_kpp_tfm(struct crypto_kpp *tfm)
{
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 058/104] crypto: fips140: convert crypto/jitterentropy-kcapi.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_JITTERENTROPY --source crypto/jitterentropy-kcapi.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/jitterentropy-kcapi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 1266eb790708..4718a40f8bd6 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -368,8 +368,8 @@ static void __exit jent_mod_exit(void)
crypto_unregister_rng(&jent_alg);
}
-module_init(jent_mod_init);
-module_exit(jent_mod_exit);
+crypto_module_init(jent_mod_init);
+crypto_module_exit(jent_mod_exit);
MODULE_LICENSE("Dual BSD/GPL");
MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 057/104] crypto: fips140: convert crypto/hmac.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_HMAC --source crypto/hmac.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/hmac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 148af460ae97..d8d24a2ea2f7 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -573,8 +573,8 @@ static void __exit hmac_module_exit(void)
crypto_unregister_templates(hmac_tmpls, ARRAY_SIZE(hmac_tmpls));
}
-module_init(hmac_module_init);
-module_exit(hmac_module_exit);
+crypto_module_init(hmac_module_init);
+crypto_module_exit(hmac_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("HMAC hash algorithm");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 056/104] crypto: fips140: convert crypto/ghash-generic.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_GHASH --source crypto/ghash-generic.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ghash-generic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
index e5803c249c12..37e98aa546c7 100644
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -153,8 +153,8 @@ static void __exit ghash_mod_exit(void)
crypto_unregister_shash(&ghash_alg);
}
-module_init(ghash_mod_init);
-module_exit(ghash_mod_exit);
+crypto_module_init(ghash_mod_init);
+crypto_module_exit(ghash_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("GHASH hash function");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 055/104] crypto: fips140: convert crypto/geniv.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_GENIV --source crypto/geniv.c --header include/crypto/internal/geniv.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 13 +++++++++++++
crypto/geniv.c | 12 ++++++------
include/crypto/internal/geniv.h | 14 ++++++++++----
3 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index fab12d65a312..09f5818cebe2 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -410,3 +410,16 @@ DEFINE_CRYPTO_API_STUB(crypto_ecdh_decode_key);
#endif
+/*
+ * crypto/geniv.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_GENIV)
+
+#include <crypto/internal/geniv.h>
+
+DEFINE_CRYPTO_API_STUB(aead_geniv_alloc);
+DEFINE_CRYPTO_API_STUB(aead_init_geniv);
+DEFINE_CRYPTO_API_STUB(aead_exit_geniv);
+
+#endif
+
diff --git a/crypto/geniv.c b/crypto/geniv.c
index 0b18240ac813..61d81aa2d4ff 100644
--- a/crypto/geniv.c
+++ b/crypto/geniv.c
@@ -37,7 +37,7 @@ static void aead_geniv_free(struct aead_instance *inst)
kfree(inst);
}
-struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl,
+struct aead_instance *CRYPTO_API(aead_geniv_alloc)(struct crypto_template *tmpl,
struct rtattr **tb)
{
struct crypto_aead_spawn *spawn;
@@ -103,9 +103,9 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl,
inst = ERR_PTR(err);
goto out;
}
-EXPORT_SYMBOL_GPL(aead_geniv_alloc);
+DEFINE_CRYPTO_API(aead_geniv_alloc);
-int aead_init_geniv(struct crypto_aead *aead)
+int CRYPTO_API(aead_init_geniv)(struct crypto_aead *aead)
{
struct aead_geniv_ctx *ctx = crypto_aead_ctx(aead);
struct aead_instance *inst = aead_alg_instance(aead);
@@ -138,15 +138,15 @@ int aead_init_geniv(struct crypto_aead *aead)
out:
return err;
}
-EXPORT_SYMBOL_GPL(aead_init_geniv);
+DEFINE_CRYPTO_API(aead_init_geniv);
-void aead_exit_geniv(struct crypto_aead *tfm)
+void CRYPTO_API(aead_exit_geniv)(struct crypto_aead *tfm)
{
struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm);
crypto_free_aead(ctx->child);
}
-EXPORT_SYMBOL_GPL(aead_exit_geniv);
+DEFINE_CRYPTO_API(aead_exit_geniv);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Shared IV generator code");
diff --git a/include/crypto/internal/geniv.h b/include/crypto/internal/geniv.h
index 012f5fb22d43..c7aaad2ab534 100644
--- a/include/crypto/internal/geniv.h
+++ b/include/crypto/internal/geniv.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_GENIV_H
#define _CRYPTO_INTERNAL_GENIV_H
+#include <crypto/api.h>
#include <crypto/internal/aead.h>
#include <linux/spinlock.h>
#include <linux/types.h>
@@ -18,9 +19,14 @@ struct aead_geniv_ctx {
u8 salt[] __attribute__ ((aligned(__alignof__(u32))));
};
-struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl,
- struct rtattr **tb);
-int aead_init_geniv(struct crypto_aead *tfm);
-void aead_exit_geniv(struct crypto_aead *tfm);
+DECLARE_CRYPTO_API(aead_geniv_alloc, struct aead_instance *,
+ (struct crypto_template *tmpl, struct rtattr **tb),
+ (tmpl, tb));
+DECLARE_CRYPTO_API(aead_init_geniv, int,
+ (struct crypto_aead *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(aead_exit_geniv, void,
+ (struct crypto_aead *tfm),
+ (tfm));
#endif /* _CRYPTO_INTERNAL_GENIV_H */
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 054/104] crypto: fips140: convert crypto/gcm.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_GCM --source crypto/gcm.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/gcm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/gcm.c b/crypto/gcm.c
index 97716482bed0..54a376e782d1 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -1119,8 +1119,8 @@ static void __exit crypto_gcm_module_exit(void)
ARRAY_SIZE(crypto_gcm_tmpls));
}
-module_init(crypto_gcm_module_init);
-module_exit(crypto_gcm_module_exit);
+crypto_module_init(crypto_gcm_module_init);
+crypto_module_exit(crypto_gcm_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Galois/Counter Mode");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 053/104] crypto: fips140: convert crypto/essiv.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ESSIV --source crypto/essiv.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/essiv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/essiv.c b/crypto/essiv.c
index d003b78fcd85..579fa227476f 100644
--- a/crypto/essiv.c
+++ b/crypto/essiv.c
@@ -641,8 +641,8 @@ static void __exit essiv_module_exit(void)
crypto_unregister_template(&essiv_tmpl);
}
-module_init(essiv_module_init);
-module_exit(essiv_module_exit);
+crypto_module_init(essiv_module_init);
+crypto_module_exit(essiv_module_exit);
MODULE_DESCRIPTION("ESSIV skcipher/aead wrapper for block encryption");
MODULE_LICENSE("GPL v2");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 052/104] crypto: fips140: convert crypto/echainiv.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECHAINIV --source crypto/echainiv.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/echainiv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/echainiv.c b/crypto/echainiv.c
index e0a2d3209938..d409b4169e83 100644
--- a/crypto/echainiv.c
+++ b/crypto/echainiv.c
@@ -145,8 +145,8 @@ static void __exit echainiv_module_exit(void)
crypto_unregister_template(&echainiv_tmpl);
}
-module_init(echainiv_module_init);
-module_exit(echainiv_module_exit);
+crypto_module_init(echainiv_module_init);
+crypto_module_exit(echainiv_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Encrypted Chain IV Generator");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 050/104] crypto: fips140: convert crypto/ecdh_helper.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECDH --source crypto/ecdh_helper.c --header include/crypto/ecdh.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecdh_helper.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/ecdh.h | 12 +++++++++---
3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/crypto/ecdh_helper.c b/crypto/ecdh_helper.c
index f18f9028f912..42530c3f70dd 100644
--- a/crypto/ecdh_helper.c
+++ b/crypto/ecdh_helper.c
@@ -24,13 +24,13 @@ static inline const u8 *ecdh_unpack_data(void *dst, const void *src, size_t sz)
return src + sz;
}
-unsigned int crypto_ecdh_key_len(const struct ecdh *params)
+unsigned int CRYPTO_API(crypto_ecdh_key_len)(const struct ecdh *params)
{
return ECDH_KPP_SECRET_MIN_SIZE + params->key_size;
}
-EXPORT_SYMBOL_GPL(crypto_ecdh_key_len);
+DEFINE_CRYPTO_API(crypto_ecdh_key_len);
-int crypto_ecdh_encode_key(char *buf, unsigned int len,
+int CRYPTO_API(crypto_ecdh_encode_key)(char *buf, unsigned int len,
const struct ecdh *params)
{
u8 *ptr = buf;
@@ -51,9 +51,9 @@ int crypto_ecdh_encode_key(char *buf, unsigned int len,
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_ecdh_encode_key);
+DEFINE_CRYPTO_API(crypto_ecdh_encode_key);
-int crypto_ecdh_decode_key(const char *buf, unsigned int len,
+int CRYPTO_API(crypto_ecdh_decode_key)(const char *buf, unsigned int len,
struct ecdh *params)
{
const u8 *ptr = buf;
@@ -80,4 +80,4 @@ int crypto_ecdh_decode_key(const char *buf, unsigned int len,
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_ecdh_decode_key);
+DEFINE_CRYPTO_API(crypto_ecdh_decode_key);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index f236b302c2a7..fab12d65a312 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -397,3 +397,16 @@ DEFINE_CRYPTO_API_STUB(ecc_point_mult_shamir);
#endif
+/*
+ * crypto/ecdh_helper.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_ECDH)
+
+#include <crypto/ecdh.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_key_len);
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_encode_key);
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_decode_key);
+
+#endif
+
diff --git a/include/crypto/ecdh.h b/include/crypto/ecdh.h
index aa09f880c0d3..35d20c9b23d2 100644
--- a/include/crypto/ecdh.h
+++ b/include/crypto/ecdh.h
@@ -51,7 +51,9 @@ struct ecdh {
*
* Return: size of the key in bytes
*/
-unsigned int crypto_ecdh_key_len(const struct ecdh *params);
+DECLARE_CRYPTO_API(crypto_ecdh_key_len, unsigned int,
+ (const struct ecdh *params),
+ (params));
/**
* crypto_ecdh_encode_key() - encode the private key
@@ -66,7 +68,9 @@ unsigned int crypto_ecdh_key_len(const struct ecdh *params);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_ecdh_encode_key(char *buf, unsigned int len, const struct ecdh *p);
+DECLARE_CRYPTO_API(crypto_ecdh_encode_key, int,
+ (char *buf, unsigned int len, const struct ecdh *p),
+ (buf, len, p));
/**
* crypto_ecdh_decode_key() - decode a private key
@@ -80,6 +84,8 @@ int crypto_ecdh_encode_key(char *buf, unsigned int len, const struct ecdh *p);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_ecdh_decode_key(const char *buf, unsigned int len, struct ecdh *p);
+DECLARE_CRYPTO_API(crypto_ecdh_decode_key, int,
+ (const char *buf, unsigned int len, struct ecdh *p),
+ (buf, len, p));
#endif
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 051/104] crypto: fips140: convert crypto/ecdsa.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECDSA --source crypto/ecdsa.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecdsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index ce8e4364842f..64903419e6db 100644
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -334,8 +334,8 @@ static void __exit ecdsa_exit(void)
crypto_unregister_sig(&ecdsa_nist_p521);
}
-module_init(ecdsa_init);
-module_exit(ecdsa_exit);
+crypto_module_init(ecdsa_init);
+crypto_module_exit(ecdsa_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Stefan Berger <stefanb@linux.ibm.com>");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 049/104] crypto: fips140: convert crypto/ecdh.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECDH --source crypto/ecdh.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecdh.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 9f0b93b3166d..32c98cebfda6 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -240,8 +240,8 @@ static void __exit ecdh_exit(void)
crypto_unregister_kpp(&ecdh_nist_p384);
}
-module_init(ecdh_init);
-module_exit(ecdh_exit);
+crypto_module_init(ecdh_init);
+crypto_module_exit(ecdh_exit);
MODULE_ALIAS_CRYPTO("ecdh");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("ECDH generic algorithm");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 048/104] crypto: fips140: convert crypto/ecc.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECC --source crypto/ecc.c --header include/crypto/ecc_curve.h include/crypto/internal/ecc.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecc.c | 84 ++++++++++++++++----------------
crypto/fips140-api.c | 34 +++++++++++++
include/crypto/ecc_curve.h | 9 +++-
include/crypto/internal/ecc.h | 91 ++++++++++++++++++++++-------------
4 files changed, 141 insertions(+), 77 deletions(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index c9f82626177b..b28832e1aaea 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -44,13 +44,13 @@ typedef struct {
} uint128_t;
/* Returns curv25519 curve param */
-const struct ecc_curve *ecc_get_curve25519(void)
+const struct ecc_curve *CRYPTO_API(ecc_get_curve25519)(void)
{
return &ecc_25519;
}
-EXPORT_SYMBOL(ecc_get_curve25519);
+DEFINE_CRYPTO_API(ecc_get_curve25519);
-const struct ecc_curve *ecc_get_curve(unsigned int curve_id)
+const struct ecc_curve *CRYPTO_API(ecc_get_curve)(unsigned int curve_id)
{
switch (curve_id) {
/* In FIPS mode only allow P256 and higher */
@@ -66,9 +66,9 @@ const struct ecc_curve *ecc_get_curve(unsigned int curve_id)
return NULL;
}
}
-EXPORT_SYMBOL(ecc_get_curve);
+DEFINE_CRYPTO_API(ecc_get_curve);
-void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
+void CRYPTO_API(ecc_digits_from_bytes)(const u8 *in, unsigned int nbytes,
u64 *out, unsigned int ndigits)
{
int diff = ndigits - DIV_ROUND_UP_POW2(nbytes, sizeof(u64));
@@ -88,7 +88,7 @@ void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
}
ecc_swap_digits(in, out, ndigits);
}
-EXPORT_SYMBOL(ecc_digits_from_bytes);
+DEFINE_CRYPTO_API(ecc_digits_from_bytes);
static u64 *ecc_alloc_digits_space(unsigned int ndigits)
{
@@ -105,7 +105,7 @@ static void ecc_free_digits_space(u64 *space)
kfree_sensitive(space);
}
-struct ecc_point *ecc_alloc_point(unsigned int ndigits)
+struct ecc_point *CRYPTO_API(ecc_alloc_point)(unsigned int ndigits)
{
struct ecc_point *p = kmalloc(sizeof(*p), GFP_KERNEL);
@@ -130,9 +130,9 @@ struct ecc_point *ecc_alloc_point(unsigned int ndigits)
kfree(p);
return NULL;
}
-EXPORT_SYMBOL(ecc_alloc_point);
+DEFINE_CRYPTO_API(ecc_alloc_point);
-void ecc_free_point(struct ecc_point *p)
+void CRYPTO_API(ecc_free_point)(struct ecc_point *p)
{
if (!p)
return;
@@ -141,7 +141,7 @@ void ecc_free_point(struct ecc_point *p)
kfree_sensitive(p->y);
kfree_sensitive(p);
}
-EXPORT_SYMBOL(ecc_free_point);
+DEFINE_CRYPTO_API(ecc_free_point);
static void vli_clear(u64 *vli, unsigned int ndigits)
{
@@ -152,7 +152,7 @@ static void vli_clear(u64 *vli, unsigned int ndigits)
}
/* Returns true if vli == 0, false otherwise. */
-bool vli_is_zero(const u64 *vli, unsigned int ndigits)
+bool CRYPTO_API(vli_is_zero)(const u64 *vli, unsigned int ndigits)
{
int i;
@@ -163,7 +163,7 @@ bool vli_is_zero(const u64 *vli, unsigned int ndigits)
return true;
}
-EXPORT_SYMBOL(vli_is_zero);
+DEFINE_CRYPTO_API(vli_is_zero);
/* Returns nonzero if bit of vli is set. */
static u64 vli_test_bit(const u64 *vli, unsigned int bit)
@@ -191,7 +191,7 @@ static unsigned int vli_num_digits(const u64 *vli, unsigned int ndigits)
}
/* Counts the number of bits required for vli. */
-unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits)
+unsigned int CRYPTO_API(vli_num_bits)(const u64 *vli, unsigned int ndigits)
{
unsigned int i, num_digits;
u64 digit;
@@ -206,10 +206,10 @@ unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits)
return ((num_digits - 1) * 64 + i);
}
-EXPORT_SYMBOL(vli_num_bits);
+DEFINE_CRYPTO_API(vli_num_bits);
/* Set dest from unaligned bit string src. */
-void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits)
+void CRYPTO_API(vli_from_be64)(u64 *dest, const void *src, unsigned int ndigits)
{
int i;
const u64 *from = src;
@@ -217,9 +217,9 @@ void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits)
for (i = 0; i < ndigits; i++)
dest[i] = get_unaligned_be64(&from[ndigits - 1 - i]);
}
-EXPORT_SYMBOL(vli_from_be64);
+DEFINE_CRYPTO_API(vli_from_be64);
-void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits)
+void CRYPTO_API(vli_from_le64)(u64 *dest, const void *src, unsigned int ndigits)
{
int i;
const u64 *from = src;
@@ -227,7 +227,7 @@ void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits)
for (i = 0; i < ndigits; i++)
dest[i] = get_unaligned_le64(&from[i]);
}
-EXPORT_SYMBOL(vli_from_le64);
+DEFINE_CRYPTO_API(vli_from_le64);
/* Sets dest = src. */
static void vli_set(u64 *dest, const u64 *src, unsigned int ndigits)
@@ -239,7 +239,7 @@ static void vli_set(u64 *dest, const u64 *src, unsigned int ndigits)
}
/* Returns sign of left - right. */
-int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits)
+int CRYPTO_API(vli_cmp)(const u64 *left, const u64 *right, unsigned int ndigits)
{
int i;
@@ -252,7 +252,7 @@ int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits)
return 0;
}
-EXPORT_SYMBOL(vli_cmp);
+DEFINE_CRYPTO_API(vli_cmp);
/* Computes result = in << c, returning carry. Can modify in place
* (if result == in). 0 < shift < 64.
@@ -331,7 +331,7 @@ static u64 vli_uadd(u64 *result, const u64 *left, u64 right,
}
/* Computes result = left - right, returning borrow. Can modify in place. */
-u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
+u64 CRYPTO_API(vli_sub)(u64 *result, const u64 *left, const u64 *right,
unsigned int ndigits)
{
u64 borrow = 0;
@@ -349,7 +349,7 @@ u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
return borrow;
}
-EXPORT_SYMBOL(vli_sub);
+DEFINE_CRYPTO_API(vli_sub);
/* Computes result = left - right, returning borrow. Can modify in place. */
static u64 vli_usub(u64 *result, const u64 *left, u64 right,
@@ -1001,7 +1001,7 @@ static bool vli_mmod_fast(u64 *result, u64 *product,
/* Computes result = (left * right) % mod.
* Assumes that mod is big enough curve order.
*/
-void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
+void CRYPTO_API(vli_mod_mult_slow)(u64 *result, const u64 *left, const u64 *right,
const u64 *mod, unsigned int ndigits)
{
u64 product[ECC_MAX_DIGITS * 2];
@@ -1009,7 +1009,7 @@ void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
vli_mult(product, left, right, ndigits);
vli_mmod_slow(result, product, mod, ndigits);
}
-EXPORT_SYMBOL(vli_mod_mult_slow);
+DEFINE_CRYPTO_API(vli_mod_mult_slow);
/* Computes result = (left * right) % curve_prime. */
static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right,
@@ -1036,7 +1036,7 @@ static void vli_mod_square_fast(u64 *result, const u64 *left,
* See "From Euclid's GCD to Montgomery Multiplication to the Great Divide"
* https://labs.oracle.com/techrep/2001/smli_tr-2001-95.pdf
*/
-void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
+void CRYPTO_API(vli_mod_inv)(u64 *result, const u64 *input, const u64 *mod,
unsigned int ndigits)
{
u64 a[ECC_MAX_DIGITS], b[ECC_MAX_DIGITS];
@@ -1109,17 +1109,17 @@ void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
vli_set(result, u, ndigits);
}
-EXPORT_SYMBOL(vli_mod_inv);
+DEFINE_CRYPTO_API(vli_mod_inv);
/* ------ Point operations ------ */
/* Returns true if p_point is the point at infinity, false otherwise. */
-bool ecc_point_is_zero(const struct ecc_point *point)
+bool CRYPTO_API(ecc_point_is_zero)(const struct ecc_point *point)
{
return (vli_is_zero(point->x, point->ndigits) &&
vli_is_zero(point->y, point->ndigits));
}
-EXPORT_SYMBOL(ecc_point_is_zero);
+DEFINE_CRYPTO_API(ecc_point_is_zero);
/* Point multiplication algorithm using Montgomery's ladder with co-Z
* coordinates. From https://eprint.iacr.org/2011/338.pdf
@@ -1411,7 +1411,7 @@ static void ecc_point_add(const struct ecc_point *result,
/* Computes R = u1P + u2Q mod p using Shamir's trick.
* Based on: Kenneth MacKay's micro-ecc (2014).
*/
-void ecc_point_mult_shamir(const struct ecc_point *result,
+void CRYPTO_API(ecc_point_mult_shamir)(const struct ecc_point *result,
const u64 *u1, const struct ecc_point *p,
const u64 *u2, const struct ecc_point *q,
const struct ecc_curve *curve)
@@ -1466,7 +1466,7 @@ void ecc_point_mult_shamir(const struct ecc_point *result,
vli_mod_inv(z, z, curve->p, ndigits);
apply_z(rx, ry, z, curve);
}
-EXPORT_SYMBOL(ecc_point_mult_shamir);
+DEFINE_CRYPTO_API(ecc_point_mult_shamir);
/*
* This function performs checks equivalent to Appendix A.4.2 of FIPS 186-5.
@@ -1497,7 +1497,7 @@ static int __ecc_is_key_valid(const struct ecc_curve *curve,
return 0;
}
-int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(ecc_is_key_valid)(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, unsigned int private_key_len)
{
int nbytes;
@@ -1510,7 +1510,7 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
return __ecc_is_key_valid(curve, private_key, ndigits);
}
-EXPORT_SYMBOL(ecc_is_key_valid);
+DEFINE_CRYPTO_API(ecc_is_key_valid);
/*
* ECC private keys are generated using the method of rejection sampling,
@@ -1519,7 +1519,7 @@ EXPORT_SYMBOL(ecc_is_key_valid);
* This method generates a private key uniformly distributed in the range
* [2, n-3].
*/
-int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(ecc_gen_privkey)(unsigned int curve_id, unsigned int ndigits,
u64 *private_key)
{
const struct ecc_curve *curve = ecc_get_curve(curve_id);
@@ -1561,9 +1561,9 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
return 0;
}
-EXPORT_SYMBOL(ecc_gen_privkey);
+DEFINE_CRYPTO_API(ecc_gen_privkey);
-int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(ecc_make_pub_key)(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, u64 *public_key)
{
int ret = 0;
@@ -1597,10 +1597,10 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
out:
return ret;
}
-EXPORT_SYMBOL(ecc_make_pub_key);
+DEFINE_CRYPTO_API(ecc_make_pub_key);
/* SP800-56A section 5.6.2.3.4 partial verification: ephemeral keys only */
-int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
+int CRYPTO_API(ecc_is_pubkey_valid_partial)(const struct ecc_curve *curve,
struct ecc_point *pk)
{
u64 yy[ECC_MAX_DIGITS], xxx[ECC_MAX_DIGITS], w[ECC_MAX_DIGITS];
@@ -1630,10 +1630,10 @@ int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
return 0;
}
-EXPORT_SYMBOL(ecc_is_pubkey_valid_partial);
+DEFINE_CRYPTO_API(ecc_is_pubkey_valid_partial);
/* SP800-56A section 5.6.2.3.3 full verification */
-int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
+int CRYPTO_API(ecc_is_pubkey_valid_full)(const struct ecc_curve *curve,
struct ecc_point *pk)
{
struct ecc_point *nQ;
@@ -1657,9 +1657,9 @@ int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
return ret;
}
-EXPORT_SYMBOL(ecc_is_pubkey_valid_full);
+DEFINE_CRYPTO_API(ecc_is_pubkey_valid_full);
-int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
+int CRYPTO_API(crypto_ecdh_shared_secret)(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, const u64 *public_key,
u64 *secret)
{
@@ -1713,7 +1713,7 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
out:
return ret;
}
-EXPORT_SYMBOL(crypto_ecdh_shared_secret);
+DEFINE_CRYPTO_API(crypto_ecdh_shared_secret);
MODULE_DESCRIPTION("core elliptic curve module");
MODULE_LICENSE("Dual BSD/GPL");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 600c759cbc5e..f236b302c2a7 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -363,3 +363,37 @@ DEFINE_CRYPTO_API_STUB(crypto_dh_decode_key);
#endif
+/*
+ * crypto/ecc.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_ECC)
+
+#include <crypto/ecc_curve.h>
+
+DEFINE_CRYPTO_API_STUB(ecc_get_curve);
+DEFINE_CRYPTO_API_STUB(ecc_get_curve25519);
+
+#include <crypto/internal/ecc.h>
+
+DEFINE_CRYPTO_API_STUB(ecc_digits_from_bytes);
+DEFINE_CRYPTO_API_STUB(ecc_is_key_valid);
+DEFINE_CRYPTO_API_STUB(ecc_gen_privkey);
+DEFINE_CRYPTO_API_STUB(ecc_make_pub_key);
+DEFINE_CRYPTO_API_STUB(crypto_ecdh_shared_secret);
+DEFINE_CRYPTO_API_STUB(ecc_is_pubkey_valid_partial);
+DEFINE_CRYPTO_API_STUB(ecc_is_pubkey_valid_full);
+DEFINE_CRYPTO_API_STUB(vli_is_zero);
+DEFINE_CRYPTO_API_STUB(vli_cmp);
+DEFINE_CRYPTO_API_STUB(vli_sub);
+DEFINE_CRYPTO_API_STUB(vli_from_be64);
+DEFINE_CRYPTO_API_STUB(vli_from_le64);
+DEFINE_CRYPTO_API_STUB(vli_mod_inv);
+DEFINE_CRYPTO_API_STUB(vli_mod_mult_slow);
+DEFINE_CRYPTO_API_STUB(vli_num_bits);
+DEFINE_CRYPTO_API_STUB(ecc_alloc_point);
+DEFINE_CRYPTO_API_STUB(ecc_free_point);
+DEFINE_CRYPTO_API_STUB(ecc_point_is_zero);
+DEFINE_CRYPTO_API_STUB(ecc_point_mult_shamir);
+
+#endif
+
diff --git a/include/crypto/ecc_curve.h b/include/crypto/ecc_curve.h
index 7d90c5e82266..547cb82517bf 100644
--- a/include/crypto/ecc_curve.h
+++ b/include/crypto/ecc_curve.h
@@ -4,6 +4,7 @@
#ifndef _CRYTO_ECC_CURVE_H
#define _CRYTO_ECC_CURVE_H
+#include <crypto/api.h>
#include <linux/types.h>
/**
@@ -50,13 +51,17 @@ struct ecc_curve {
*
* Returns curve if get curve succssful, NULL otherwise
*/
-const struct ecc_curve *ecc_get_curve(unsigned int curve_id);
+DECLARE_CRYPTO_API(ecc_get_curve, const struct ecc_curve *,
+ (unsigned int curve_id),
+ (curve_id));
/**
* ecc_get_curve25519() - get curve25519 curve;
*
* Returns curve25519
*/
-const struct ecc_curve *ecc_get_curve25519(void);
+DECLARE_CRYPTO_API(ecc_get_curve25519, const struct ecc_curve *,
+ (void),
+ ());
#endif
diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h
index 57cd75242141..906d1443de96 100644
--- a/include/crypto/internal/ecc.h
+++ b/include/crypto/internal/ecc.h
@@ -26,6 +26,7 @@
#ifndef _CRYPTO_ECC_H
#define _CRYPTO_ECC_H
+#include <crypto/api.h>
#include <crypto/ecc_curve.h>
#include <linux/unaligned.h>
@@ -79,8 +80,9 @@ static inline void ecc_swap_digits(const void *in, u64 *out, unsigned int ndigit
* The first byte in the input byte array is expected to hold the most
* significant bits of the large integer.
*/
-void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
- u64 *out, unsigned int ndigits);
+DECLARE_CRYPTO_API(ecc_digits_from_bytes, void,
+ (const u8 *in, unsigned int nbytes, u64 *out, unsigned int ndigits),
+ (in, nbytes, out, ndigits));
/**
* ecc_is_key_valid() - Validate a given ECDH private key
@@ -92,8 +94,9 @@ void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
*
* Returns 0 if the key is acceptable, a negative value otherwise
*/
-int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, unsigned int private_key_len);
+DECLARE_CRYPTO_API(ecc_is_key_valid, int,
+ (unsigned int curve_id, unsigned int ndigits, const u64 *private_key, unsigned int private_key_len),
+ (curve_id, ndigits, private_key, private_key_len));
/**
* ecc_gen_privkey() - Generates an ECC private key.
@@ -107,8 +110,9 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
* Returns 0 if the private key was generated successfully, a negative value
* if an error occurred.
*/
-int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
- u64 *private_key);
+DECLARE_CRYPTO_API(ecc_gen_privkey, int,
+ (unsigned int curve_id, unsigned int ndigits, u64 *private_key),
+ (curve_id, ndigits, private_key));
/**
* ecc_make_pub_key() - Compute an ECC public key
@@ -121,8 +125,9 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
* Returns 0 if the public key was generated successfully, a negative value
* if an error occurred.
*/
-int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, u64 *public_key);
+DECLARE_CRYPTO_API(ecc_make_pub_key, int,
+ (const unsigned int curve_id, unsigned int ndigits, const u64 *private_key, u64 *public_key),
+ (curve_id, ndigits, private_key, public_key));
/**
* crypto_ecdh_shared_secret() - Compute a shared secret
@@ -139,9 +144,9 @@ int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
* Returns 0 if the shared secret was generated successfully, a negative value
* if an error occurred.
*/
-int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, const u64 *public_key,
- u64 *secret);
+DECLARE_CRYPTO_API(crypto_ecdh_shared_secret, int,
+ (unsigned int curve_id, unsigned int ndigits, const u64 *private_key, const u64 *public_key, u64 *secret),
+ (curve_id, ndigits, private_key, public_key, secret));
/**
* ecc_is_pubkey_valid_partial() - Partial public key validation
@@ -157,8 +162,9 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
*
* Return: 0 if validation is successful, -EINVAL if validation is failed.
*/
-int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
- struct ecc_point *pk);
+DECLARE_CRYPTO_API(ecc_is_pubkey_valid_partial, int,
+ (const struct ecc_curve *curve, struct ecc_point *pk),
+ (curve, pk));
/**
* ecc_is_pubkey_valid_full() - Full public key validation
@@ -171,8 +177,9 @@ int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
*
* Return: 0 if validation is successful, -EINVAL if validation is failed.
*/
-int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
- struct ecc_point *pk);
+DECLARE_CRYPTO_API(ecc_is_pubkey_valid_full, int,
+ (const struct ecc_curve *curve, struct ecc_point *pk),
+ (curve, pk));
/**
* vli_is_zero() - Determine is vli is zero
@@ -180,7 +187,9 @@ int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
* @vli: vli to check.
* @ndigits: length of the @vli
*/
-bool vli_is_zero(const u64 *vli, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_is_zero, bool,
+ (const u64 *vli, unsigned int ndigits),
+ (vli, ndigits));
/**
* vli_cmp() - compare left and right vlis
@@ -192,7 +201,9 @@ bool vli_is_zero(const u64 *vli, unsigned int ndigits);
* Returns sign of @left - @right, i.e. -1 if @left < @right,
* 0 if @left == @right, 1 if @left > @right.
*/
-int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_cmp, int,
+ (const u64 *left, const u64 *right, unsigned int ndigits),
+ (left, right, ndigits));
/**
* vli_sub() - Subtracts right from left
@@ -206,8 +217,9 @@ int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits);
*
* Return: carry bit.
*/
-u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
- unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_sub, u64,
+ (u64 *result, const u64 *left, const u64 *right, unsigned int ndigits),
+ (result, left, right, ndigits));
/**
* vli_from_be64() - Load vli from big-endian u64 array
@@ -216,7 +228,9 @@ u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
* @src: source array of u64 BE values
* @ndigits: length of both vli and array
*/
-void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_from_be64, void,
+ (u64 *dest, const void *src, unsigned int ndigits),
+ (dest, src, ndigits));
/**
* vli_from_le64() - Load vli from little-endian u64 array
@@ -225,7 +239,9 @@ void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits);
* @src: source array of u64 LE values
* @ndigits: length of both vli and array
*/
-void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_from_le64, void,
+ (u64 *dest, const void *src, unsigned int ndigits),
+ (dest, src, ndigits));
/**
* vli_mod_inv() - Modular inversion
@@ -235,8 +251,9 @@ void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits);
* @mod: modulus
* @ndigits: length of all vlis
*/
-void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
- unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_mod_inv, void,
+ (u64 *result, const u64 *input, const u64 *mod, unsigned int ndigits),
+ (result, input, mod, ndigits));
/**
* vli_mod_mult_slow() - Modular multiplication
@@ -249,8 +266,9 @@ void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
*
* Note: Assumes that mod is big enough curve order.
*/
-void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
- const u64 *mod, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_mod_mult_slow, void,
+ (u64 *result, const u64 *left, const u64 *right, const u64 *mod, unsigned int ndigits),
+ (result, left, right, mod, ndigits));
/**
* vli_num_bits() - Counts the number of bits required for vli.
@@ -260,7 +278,9 @@ void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
*
* Return: The number of bits required to represent @vli.
*/
-unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits);
+DECLARE_CRYPTO_API(vli_num_bits, unsigned int,
+ (const u64 *vli, unsigned int ndigits),
+ (vli, ndigits));
/**
* ecc_aloc_point() - Allocate ECC point.
@@ -269,14 +289,18 @@ unsigned int vli_num_bits(const u64 *vli, unsigned int ndigits);
*
* Return: Pointer to the allocated point or NULL if allocation failed.
*/
-struct ecc_point *ecc_alloc_point(unsigned int ndigits);
+DECLARE_CRYPTO_API(ecc_alloc_point, struct ecc_point *,
+ (unsigned int ndigits),
+ (ndigits));
/**
* ecc_free_point() - Free ECC point.
*
* @p: The point to free.
*/
-void ecc_free_point(struct ecc_point *p);
+DECLARE_CRYPTO_API(ecc_free_point, void,
+ (struct ecc_point *p),
+ (p));
/**
* ecc_point_is_zero() - Check if point is zero.
@@ -285,7 +309,9 @@ void ecc_free_point(struct ecc_point *p);
*
* Return: true if point is the point at infinity, false otherwise.
*/
-bool ecc_point_is_zero(const struct ecc_point *point);
+DECLARE_CRYPTO_API(ecc_point_is_zero, bool,
+ (const struct ecc_point *point),
+ (point));
/**
* ecc_point_mult_shamir() - Add two points multiplied by scalars
@@ -300,10 +326,9 @@ bool ecc_point_is_zero(const struct ecc_point *point);
* Returns result = x * p + x * q over the curve.
* This works faster than two multiplications and addition.
*/
-void ecc_point_mult_shamir(const struct ecc_point *result,
- const u64 *x, const struct ecc_point *p,
- const u64 *y, const struct ecc_point *q,
- const struct ecc_curve *curve);
+DECLARE_CRYPTO_API(ecc_point_mult_shamir, void,
+ (const struct ecc_point *result, const u64 *x, const struct ecc_point *p, const u64 *y, const struct ecc_point *q, const struct ecc_curve *curve),
+ (result, x, p, y, q, curve));
extern struct crypto_template ecdsa_x962_tmpl;
extern struct crypto_template ecdsa_p1363_tmpl;
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 047/104] crypto: fips140: convert crypto/ecb.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ECB --source crypto/ecb.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ecb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecb.c b/crypto/ecb.c
index cd1b20456dad..20127b20f483 100644
--- a/crypto/ecb.c
+++ b/crypto/ecb.c
@@ -219,8 +219,8 @@ static void __exit crypto_ecb_module_exit(void)
crypto_unregister_template(&crypto_ecb_tmpl);
}
-module_init(crypto_ecb_module_init);
-module_exit(crypto_ecb_module_exit);
+crypto_module_init(crypto_ecb_module_init);
+crypto_module_exit(crypto_ecb_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("ECB block cipher mode of operation");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 046/104] crypto: fips140: convert crypto/drbg.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_DRBG --source crypto/drbg.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/drbg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index dbe4c8bb5ceb..64280ce5beec 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -2132,8 +2132,8 @@ static void __exit drbg_exit(void)
crypto_unregister_rngs(drbg_algs, (ARRAY_SIZE(drbg_cores) * 2));
}
-module_init(drbg_init);
-module_exit(drbg_exit);
+crypto_module_init(drbg_init);
+crypto_module_exit(drbg_exit);
#ifndef CRYPTO_DRBG_HASH_STRING
#define CRYPTO_DRBG_HASH_STRING ""
#endif
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 045/104] crypto: fips140: convert crypto/dh_helper.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_DH --source crypto/dh_helper.c --header include/crypto/dh.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/dh_helper.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/dh.h | 12 +++++++++---
3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
index 2d499879328b..d3001289d152 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -31,13 +31,13 @@ static inline unsigned int dh_data_size(const struct dh *p)
return p->key_size + p->p_size + p->g_size;
}
-unsigned int crypto_dh_key_len(const struct dh *p)
+unsigned int CRYPTO_API(crypto_dh_key_len)(const struct dh *p)
{
return DH_KPP_SECRET_MIN_SIZE + dh_data_size(p);
}
-EXPORT_SYMBOL_GPL(crypto_dh_key_len);
+DEFINE_CRYPTO_API(crypto_dh_key_len);
-int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params)
+int CRYPTO_API(crypto_dh_encode_key)(char *buf, unsigned int len, const struct dh *params)
{
u8 *ptr = buf;
u8 * const end = ptr + len;
@@ -61,7 +61,7 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params)
return -EINVAL;
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_dh_encode_key);
+DEFINE_CRYPTO_API(crypto_dh_encode_key);
int __crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
{
@@ -91,7 +91,7 @@ int __crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
return 0;
}
-int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
+int CRYPTO_API(crypto_dh_decode_key)(const char *buf, unsigned int len, struct dh *params)
{
int err;
@@ -117,4 +117,4 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_dh_decode_key);
+DEFINE_CRYPTO_API(crypto_dh_decode_key);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 816a55809f4a..600c759cbc5e 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -350,3 +350,16 @@ DEFINE_CRYPTO_API_STUB(cryptd_free_aead);
#endif
+/*
+ * crypto/dh_helper.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_DH)
+
+#include <crypto/dh.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_dh_key_len);
+DEFINE_CRYPTO_API_STUB(crypto_dh_encode_key);
+DEFINE_CRYPTO_API_STUB(crypto_dh_decode_key);
+
+#endif
+
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index b5891c21cfe0..f876d46b16d6 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -50,7 +50,9 @@ struct dh {
*
* Return: size of the key in bytes
*/
-unsigned int crypto_dh_key_len(const struct dh *params);
+DECLARE_CRYPTO_API(crypto_dh_key_len, unsigned int,
+ (const struct dh *params),
+ (params));
/**
* crypto_dh_encode_key() - encode the private key
@@ -65,7 +67,9 @@ unsigned int crypto_dh_key_len(const struct dh *params);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params);
+DECLARE_CRYPTO_API(crypto_dh_encode_key, int,
+ (char *buf, unsigned int len, const struct dh *params),
+ (buf, len, params));
/**
* crypto_dh_decode_key() - decode a private key
@@ -79,7 +83,9 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params);
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
-int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params);
+DECLARE_CRYPTO_API(crypto_dh_decode_key, int,
+ (const char *buf, unsigned int len, struct dh *params),
+ (buf, len, params));
/**
* __crypto_dh_decode_key() - decode a private key without parameter checks
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 044/104] crypto: fips140: convert crypto/dh.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_DH --source crypto/dh.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/dh.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/dh.c b/crypto/dh.c
index 1d80213574b3..4102038161bc 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -920,8 +920,8 @@ static void __exit dh_exit(void)
crypto_unregister_kpp(&dh);
}
-module_init(dh_init);
-module_exit(dh_exit);
+crypto_module_init(dh_init);
+crypto_module_exit(dh_exit);
MODULE_ALIAS_CRYPTO("dh");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("DH generic algorithm");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 043/104] crypto: fips140: convert crypto/ctr.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CTR --source crypto/ctr.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/ctr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ctr.c b/crypto/ctr.c
index a388f0ceb3a0..fa67cf6de4b1 100644
--- a/crypto/ctr.c
+++ b/crypto/ctr.c
@@ -350,8 +350,8 @@ static void __exit crypto_ctr_module_exit(void)
ARRAY_SIZE(crypto_ctr_tmpls));
}
-module_init(crypto_ctr_module_init);
-module_exit(crypto_ctr_module_exit);
+crypto_module_init(crypto_ctr_module_init);
+crypto_module_exit(crypto_ctr_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("CTR block cipher mode of operation");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 042/104] crypto: fips140: convert crypto/cryptd.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CRYPTD --source crypto/cryptd.c --header include/crypto/cryptd.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/cryptd.c | 58 ++++++++++++++++++++---------------------
crypto/fips140-api.c | 23 ++++++++++++++++
include/crypto/cryptd.h | 56 +++++++++++++++++++++++++++------------
3 files changed, 92 insertions(+), 45 deletions(-)
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index efff54e707cb..36aa07af29b2 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -646,7 +646,7 @@ static int cryptd_hash_import(struct ahash_request *req, const void *in)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
- struct shash_desc *desc = cryptd_shash_desc(req);
+ struct shash_desc *desc = CRYPTO_API(cryptd_shash_desc)(req);
desc->tfm = ctx->child;
@@ -952,7 +952,7 @@ static struct crypto_template cryptd_tmpl = {
.module = THIS_MODULE,
};
-struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
+struct cryptd_skcipher *CRYPTO_API(cryptd_alloc_skcipher)(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
@@ -977,34 +977,34 @@ struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
return container_of(tfm, struct cryptd_skcipher, base);
}
-EXPORT_SYMBOL_GPL(cryptd_alloc_skcipher);
+DEFINE_CRYPTO_API(cryptd_alloc_skcipher);
-struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm)
+struct crypto_skcipher *CRYPTO_API(cryptd_skcipher_child)(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
return ctx->child;
}
-EXPORT_SYMBOL_GPL(cryptd_skcipher_child);
+DEFINE_CRYPTO_API(cryptd_skcipher_child);
-bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm)
+bool CRYPTO_API(cryptd_skcipher_queued)(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
-EXPORT_SYMBOL_GPL(cryptd_skcipher_queued);
+DEFINE_CRYPTO_API(cryptd_skcipher_queued);
-void cryptd_free_skcipher(struct cryptd_skcipher *tfm)
+void CRYPTO_API(cryptd_free_skcipher)(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_skcipher(&tfm->base);
}
-EXPORT_SYMBOL_GPL(cryptd_free_skcipher);
+DEFINE_CRYPTO_API(cryptd_free_skcipher);
-struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
+struct cryptd_ahash *CRYPTO_API(cryptd_alloc_ahash)(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
@@ -1027,41 +1027,41 @@ struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
return __cryptd_ahash_cast(tfm);
}
-EXPORT_SYMBOL_GPL(cryptd_alloc_ahash);
+DEFINE_CRYPTO_API(cryptd_alloc_ahash);
-struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm)
+struct crypto_shash *CRYPTO_API(cryptd_ahash_child)(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
return ctx->child;
}
-EXPORT_SYMBOL_GPL(cryptd_ahash_child);
+DEFINE_CRYPTO_API(cryptd_ahash_child);
-struct shash_desc *cryptd_shash_desc(struct ahash_request *req)
+struct shash_desc *CRYPTO_API(cryptd_shash_desc)(struct ahash_request *req)
{
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
return &rctx->desc;
}
-EXPORT_SYMBOL_GPL(cryptd_shash_desc);
+DEFINE_CRYPTO_API(cryptd_shash_desc);
-bool cryptd_ahash_queued(struct cryptd_ahash *tfm)
+bool CRYPTO_API(cryptd_ahash_queued)(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
-EXPORT_SYMBOL_GPL(cryptd_ahash_queued);
+DEFINE_CRYPTO_API(cryptd_ahash_queued);
-void cryptd_free_ahash(struct cryptd_ahash *tfm)
+void CRYPTO_API(cryptd_free_ahash)(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_ahash(&tfm->base);
}
-EXPORT_SYMBOL_GPL(cryptd_free_ahash);
+DEFINE_CRYPTO_API(cryptd_free_ahash);
-struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
+struct cryptd_aead *CRYPTO_API(cryptd_alloc_aead)(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
@@ -1084,32 +1084,32 @@ struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
return __cryptd_aead_cast(tfm);
}
-EXPORT_SYMBOL_GPL(cryptd_alloc_aead);
+DEFINE_CRYPTO_API(cryptd_alloc_aead);
-struct crypto_aead *cryptd_aead_child(struct cryptd_aead *tfm)
+struct crypto_aead *CRYPTO_API(cryptd_aead_child)(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx;
ctx = crypto_aead_ctx(&tfm->base);
return ctx->child;
}
-EXPORT_SYMBOL_GPL(cryptd_aead_child);
+DEFINE_CRYPTO_API(cryptd_aead_child);
-bool cryptd_aead_queued(struct cryptd_aead *tfm)
+bool CRYPTO_API(cryptd_aead_queued)(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
-EXPORT_SYMBOL_GPL(cryptd_aead_queued);
+DEFINE_CRYPTO_API(cryptd_aead_queued);
-void cryptd_free_aead(struct cryptd_aead *tfm)
+void CRYPTO_API(cryptd_free_aead)(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_aead(&tfm->base);
}
-EXPORT_SYMBOL_GPL(cryptd_free_aead);
+DEFINE_CRYPTO_API(cryptd_free_aead);
static int __init cryptd_init(void)
{
@@ -1144,8 +1144,8 @@ static void __exit cryptd_exit(void)
crypto_unregister_template(&cryptd_tmpl);
}
-module_init(cryptd_init);
-module_exit(cryptd_exit);
+crypto_module_init(cryptd_init);
+crypto_module_exit(cryptd_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Software async crypto daemon");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index c05fc645a5b6..816a55809f4a 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -327,3 +327,26 @@ DEFINE_CRYPTO_API_STUB(crypto_clone_cipher);
#endif
+/*
+ * crypto/cryptd.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_CRYPTD)
+
+#include <crypto/cryptd.h>
+
+DEFINE_CRYPTO_API_STUB(cryptd_alloc_skcipher);
+DEFINE_CRYPTO_API_STUB(cryptd_skcipher_child);
+DEFINE_CRYPTO_API_STUB(cryptd_skcipher_queued);
+DEFINE_CRYPTO_API_STUB(cryptd_free_skcipher);
+DEFINE_CRYPTO_API_STUB(cryptd_alloc_ahash);
+DEFINE_CRYPTO_API_STUB(cryptd_ahash_child);
+DEFINE_CRYPTO_API_STUB(cryptd_shash_desc);
+DEFINE_CRYPTO_API_STUB(cryptd_ahash_queued);
+DEFINE_CRYPTO_API_STUB(cryptd_free_ahash);
+DEFINE_CRYPTO_API_STUB(cryptd_alloc_aead);
+DEFINE_CRYPTO_API_STUB(cryptd_aead_child);
+DEFINE_CRYPTO_API_STUB(cryptd_aead_queued);
+DEFINE_CRYPTO_API_STUB(cryptd_free_aead);
+
+#endif
+
diff --git a/include/crypto/cryptd.h b/include/crypto/cryptd.h
index 796d986e58e1..42de15e2cd52 100644
--- a/include/crypto/cryptd.h
+++ b/include/crypto/cryptd.h
@@ -13,6 +13,7 @@
#ifndef _CRYPTO_CRYPT_H
#define _CRYPTO_CRYPT_H
+#include <crypto/api.h>
#include <linux/types.h>
#include <crypto/aead.h>
@@ -24,12 +25,19 @@ struct cryptd_skcipher {
};
/* alg_name should be algorithm to be cryptd-ed */
-struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
- u32 type, u32 mask);
-struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm);
+DECLARE_CRYPTO_API(cryptd_alloc_skcipher, struct cryptd_skcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
+DECLARE_CRYPTO_API(cryptd_skcipher_child, struct crypto_skcipher *,
+ (struct cryptd_skcipher *tfm),
+ (tfm));
/* Must be called without moving CPUs. */
-bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm);
-void cryptd_free_skcipher(struct cryptd_skcipher *tfm);
+DECLARE_CRYPTO_API(cryptd_skcipher_queued, bool,
+ (struct cryptd_skcipher *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(cryptd_free_skcipher, void,
+ (struct cryptd_skcipher *tfm),
+ (tfm));
struct cryptd_ahash {
struct crypto_ahash base;
@@ -42,13 +50,22 @@ static inline struct cryptd_ahash *__cryptd_ahash_cast(
}
/* alg_name should be algorithm to be cryptd-ed */
-struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
- u32 type, u32 mask);
-struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm);
-struct shash_desc *cryptd_shash_desc(struct ahash_request *req);
+DECLARE_CRYPTO_API(cryptd_alloc_ahash, struct cryptd_ahash *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
+DECLARE_CRYPTO_API(cryptd_ahash_child, struct crypto_shash *,
+ (struct cryptd_ahash *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(cryptd_shash_desc, struct shash_desc *,
+ (struct ahash_request *req),
+ (req));
/* Must be called without moving CPUs. */
-bool cryptd_ahash_queued(struct cryptd_ahash *tfm);
-void cryptd_free_ahash(struct cryptd_ahash *tfm);
+DECLARE_CRYPTO_API(cryptd_ahash_queued, bool,
+ (struct cryptd_ahash *tfm),
+ (tfm));
+DECLARE_CRYPTO_API(cryptd_free_ahash, void,
+ (struct cryptd_ahash *tfm),
+ (tfm));
struct cryptd_aead {
struct crypto_aead base;
@@ -60,13 +77,20 @@ static inline struct cryptd_aead *__cryptd_aead_cast(
return (struct cryptd_aead *)tfm;
}
-struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(cryptd_alloc_aead, struct cryptd_aead *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-struct crypto_aead *cryptd_aead_child(struct cryptd_aead *tfm);
+DECLARE_CRYPTO_API(cryptd_aead_child, struct crypto_aead *,
+ (struct cryptd_aead *tfm),
+ (tfm));
/* Must be called without moving CPUs. */
-bool cryptd_aead_queued(struct cryptd_aead *tfm);
+DECLARE_CRYPTO_API(cryptd_aead_queued, bool,
+ (struct cryptd_aead *tfm),
+ (tfm));
-void cryptd_free_aead(struct cryptd_aead *tfm);
+DECLARE_CRYPTO_API(cryptd_free_aead, void,
+ (struct cryptd_aead *tfm),
+ (tfm));
#endif
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 033/104] crypto: fips140: convert crypto/algapi.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_ALGAPI2 --source crypto/algapi.c --header include/crypto/algapi.h crypto/internal.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/algapi.c | 128 ++++++++++++++++++++--------------------
crypto/fips140-api.c | 44 ++++++++++++++
crypto/internal.h | 25 +++++---
include/crypto/algapi.h | 117 +++++++++++++++++++++++++-----------
4 files changed, 207 insertions(+), 107 deletions(-)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 8b4a1903557e..f24fca384a88 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -174,7 +174,7 @@ static void crypto_remove_instance(struct crypto_instance *inst,
* that is depended on by nalg. This is useful when nalg itself
* depends on alg.
*/
-void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
+void CRYPTO_API(crypto_remove_spawns)(struct crypto_alg *alg, struct list_head *list,
struct crypto_alg *nalg)
{
u32 new_type = (nalg ?: alg)->cra_flags;
@@ -252,7 +252,7 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
crypto_remove_instance(spawn->inst, list);
}
}
-EXPORT_SYMBOL_GPL(crypto_remove_spawns);
+DEFINE_CRYPTO_API(crypto_remove_spawns);
static void crypto_alg_finish_registration(struct crypto_alg *alg,
struct list_head *algs_to_put)
@@ -366,7 +366,7 @@ __crypto_register_alg(struct crypto_alg *alg, struct list_head *algs_to_put)
goto out;
}
-void crypto_alg_tested(struct crypto_alg *alg, int err)
+void CRYPTO_API(crypto_alg_tested)(struct crypto_alg *alg, int err)
{
struct crypto_larval *test;
struct crypto_alg *q;
@@ -412,9 +412,9 @@ void crypto_alg_tested(struct crypto_alg *alg, int err)
crypto_alg_put(&test->alg);
crypto_remove_final(&list);
}
-EXPORT_SYMBOL_GPL(crypto_alg_tested);
+DEFINE_CRYPTO_API(crypto_alg_tested);
-void crypto_remove_final(struct list_head *list)
+void CRYPTO_API(crypto_remove_final)(struct list_head *list)
{
struct crypto_alg *alg;
struct crypto_alg *n;
@@ -424,7 +424,7 @@ void crypto_remove_final(struct list_head *list)
crypto_alg_put(alg);
}
}
-EXPORT_SYMBOL_GPL(crypto_remove_final);
+DEFINE_CRYPTO_API(crypto_remove_final);
static void crypto_free_alg(struct crypto_alg *alg)
{
@@ -435,7 +435,7 @@ static void crypto_free_alg(struct crypto_alg *alg)
kfree(p);
}
-int crypto_register_alg(struct crypto_alg *alg)
+int CRYPTO_API(crypto_register_alg)(struct crypto_alg *alg)
{
struct crypto_larval *larval;
bool test_started = false;
@@ -490,7 +490,7 @@ int crypto_register_alg(struct crypto_alg *alg)
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_register_alg);
+DEFINE_CRYPTO_API(crypto_register_alg);
static int crypto_remove_alg(struct crypto_alg *alg, struct list_head *list)
{
@@ -505,7 +505,7 @@ static int crypto_remove_alg(struct crypto_alg *alg, struct list_head *list)
return 0;
}
-void crypto_unregister_alg(struct crypto_alg *alg)
+void CRYPTO_API(crypto_unregister_alg)(struct crypto_alg *alg)
{
int ret;
LIST_HEAD(list);
@@ -522,9 +522,9 @@ void crypto_unregister_alg(struct crypto_alg *alg)
list_add(&alg->cra_list, &list);
crypto_remove_final(&list);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_alg);
+DEFINE_CRYPTO_API(crypto_unregister_alg);
-int crypto_register_algs(struct crypto_alg *algs, int count)
+int CRYPTO_API(crypto_register_algs)(struct crypto_alg *algs, int count)
{
int i, ret;
@@ -542,18 +542,18 @@ int crypto_register_algs(struct crypto_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_algs);
+DEFINE_CRYPTO_API(crypto_register_algs);
-void crypto_unregister_algs(struct crypto_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_algs)(struct crypto_alg *algs, int count)
{
int i;
for (i = 0; i < count; i++)
crypto_unregister_alg(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_algs);
+DEFINE_CRYPTO_API(crypto_unregister_algs);
-int crypto_register_template(struct crypto_template *tmpl)
+int CRYPTO_API(crypto_register_template)(struct crypto_template *tmpl)
{
struct crypto_template *q;
int err = -EEXIST;
@@ -581,9 +581,9 @@ int crypto_register_template(struct crypto_template *tmpl)
up_write(&crypto_alg_sem);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_register_template);
+DEFINE_CRYPTO_API(crypto_register_template);
-int crypto_register_templates(struct crypto_template *tmpls, int count)
+int CRYPTO_API(crypto_register_templates)(struct crypto_template *tmpls, int count)
{
int i, err;
@@ -599,9 +599,9 @@ int crypto_register_templates(struct crypto_template *tmpls, int count)
crypto_unregister_template(&tmpls[i]);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_register_templates);
+DEFINE_CRYPTO_API(crypto_register_templates);
-void crypto_unregister_template(struct crypto_template *tmpl)
+void CRYPTO_API(crypto_unregister_template)(struct crypto_template *tmpl)
{
struct crypto_instance *inst;
struct hlist_node *n;
@@ -630,16 +630,16 @@ void crypto_unregister_template(struct crypto_template *tmpl)
flush_work(&tmpl->free_work);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_template);
+DEFINE_CRYPTO_API(crypto_unregister_template);
-void crypto_unregister_templates(struct crypto_template *tmpls, int count)
+void CRYPTO_API(crypto_unregister_templates)(struct crypto_template *tmpls, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_template(&tmpls[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_templates);
+DEFINE_CRYPTO_API(crypto_unregister_templates);
static struct crypto_template *__crypto_lookup_template(const char *name)
{
@@ -660,14 +660,14 @@ static struct crypto_template *__crypto_lookup_template(const char *name)
return tmpl;
}
-struct crypto_template *crypto_lookup_template(const char *name)
+struct crypto_template *CRYPTO_API(crypto_lookup_template)(const char *name)
{
return try_then_request_module(__crypto_lookup_template(name),
"crypto-%s", name);
}
-EXPORT_SYMBOL_GPL(crypto_lookup_template);
+DEFINE_CRYPTO_API(crypto_lookup_template);
-int crypto_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(crypto_register_instance)(struct crypto_template *tmpl,
struct crypto_instance *inst)
{
struct crypto_larval *larval;
@@ -748,9 +748,9 @@ int crypto_register_instance(struct crypto_template *tmpl,
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_register_instance);
+DEFINE_CRYPTO_API(crypto_register_instance);
-void crypto_unregister_instance(struct crypto_instance *inst)
+void CRYPTO_API(crypto_unregister_instance)(struct crypto_instance *inst)
{
LIST_HEAD(list);
@@ -763,9 +763,9 @@ void crypto_unregister_instance(struct crypto_instance *inst)
crypto_remove_final(&list);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_instance);
+DEFINE_CRYPTO_API(crypto_unregister_instance);
-int crypto_grab_spawn(struct crypto_spawn *spawn, struct crypto_instance *inst,
+int CRYPTO_API(crypto_grab_spawn)(struct crypto_spawn *spawn, struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
struct crypto_alg *alg;
@@ -799,9 +799,9 @@ int crypto_grab_spawn(struct crypto_spawn *spawn, struct crypto_instance *inst,
crypto_mod_put(alg);
return err;
}
-EXPORT_SYMBOL_GPL(crypto_grab_spawn);
+DEFINE_CRYPTO_API(crypto_grab_spawn);
-void crypto_drop_spawn(struct crypto_spawn *spawn)
+void CRYPTO_API(crypto_drop_spawn)(struct crypto_spawn *spawn)
{
if (!spawn->alg) /* not yet initialized? */
return;
@@ -814,7 +814,7 @@ void crypto_drop_spawn(struct crypto_spawn *spawn)
if (!spawn->registered)
crypto_mod_put(spawn->alg);
}
-EXPORT_SYMBOL_GPL(crypto_drop_spawn);
+DEFINE_CRYPTO_API(crypto_drop_spawn);
static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
{
@@ -841,7 +841,7 @@ static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
return alg;
}
-struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
+struct crypto_tfm *CRYPTO_API(crypto_spawn_tfm)(struct crypto_spawn *spawn, u32 type,
u32 mask)
{
struct crypto_alg *alg;
@@ -865,9 +865,9 @@ struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
crypto_mod_put(alg);
return tfm;
}
-EXPORT_SYMBOL_GPL(crypto_spawn_tfm);
+DEFINE_CRYPTO_API(crypto_spawn_tfm);
-void *crypto_spawn_tfm2(struct crypto_spawn *spawn)
+void *CRYPTO_API(crypto_spawn_tfm2)(struct crypto_spawn *spawn)
{
struct crypto_alg *alg;
struct crypto_tfm *tfm;
@@ -886,21 +886,21 @@ void *crypto_spawn_tfm2(struct crypto_spawn *spawn)
crypto_mod_put(alg);
return tfm;
}
-EXPORT_SYMBOL_GPL(crypto_spawn_tfm2);
+DEFINE_CRYPTO_API(crypto_spawn_tfm2);
-int crypto_register_notifier(struct notifier_block *nb)
+int CRYPTO_API(crypto_register_notifier)(struct notifier_block *nb)
{
return blocking_notifier_chain_register(&crypto_chain, nb);
}
-EXPORT_SYMBOL_GPL(crypto_register_notifier);
+DEFINE_CRYPTO_API(crypto_register_notifier);
-int crypto_unregister_notifier(struct notifier_block *nb)
+int CRYPTO_API(crypto_unregister_notifier)(struct notifier_block *nb)
{
return blocking_notifier_chain_unregister(&crypto_chain, nb);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_notifier);
+DEFINE_CRYPTO_API(crypto_unregister_notifier);
-struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb)
+struct crypto_attr_type *CRYPTO_API(crypto_get_attr_type)(struct rtattr **tb)
{
struct rtattr *rta = tb[0];
struct crypto_attr_type *algt;
@@ -916,7 +916,7 @@ struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb)
return algt;
}
-EXPORT_SYMBOL_GPL(crypto_get_attr_type);
+DEFINE_CRYPTO_API(crypto_get_attr_type);
/**
* crypto_check_attr_type() - check algorithm type and compute inherited mask
@@ -934,7 +934,7 @@ EXPORT_SYMBOL_GPL(crypto_get_attr_type);
*
* Return: 0 on success; -errno on failure
*/
-int crypto_check_attr_type(struct rtattr **tb, u32 type, u32 *mask_ret)
+int CRYPTO_API(crypto_check_attr_type)(struct rtattr **tb, u32 type, u32 *mask_ret)
{
struct crypto_attr_type *algt;
@@ -948,9 +948,9 @@ int crypto_check_attr_type(struct rtattr **tb, u32 type, u32 *mask_ret)
*mask_ret = crypto_algt_inherited_mask(algt);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_check_attr_type);
+DEFINE_CRYPTO_API(crypto_check_attr_type);
-const char *crypto_attr_alg_name(struct rtattr *rta)
+const char *CRYPTO_API(crypto_attr_alg_name)(struct rtattr *rta)
{
struct crypto_attr_alg *alga;
@@ -966,9 +966,9 @@ const char *crypto_attr_alg_name(struct rtattr *rta)
return alga->name;
}
-EXPORT_SYMBOL_GPL(crypto_attr_alg_name);
+DEFINE_CRYPTO_API(crypto_attr_alg_name);
-int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
+int CRYPTO_API(__crypto_inst_setname)(struct crypto_instance *inst, const char *name,
const char *driver, struct crypto_alg *alg)
{
if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", name,
@@ -981,18 +981,18 @@ int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
return 0;
}
-EXPORT_SYMBOL_GPL(__crypto_inst_setname);
+DEFINE_CRYPTO_API(__crypto_inst_setname);
-void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen)
+void CRYPTO_API(crypto_init_queue)(struct crypto_queue *queue, unsigned int max_qlen)
{
INIT_LIST_HEAD(&queue->list);
queue->backlog = &queue->list;
queue->qlen = 0;
queue->max_qlen = max_qlen;
}
-EXPORT_SYMBOL_GPL(crypto_init_queue);
+DEFINE_CRYPTO_API(crypto_init_queue);
-int crypto_enqueue_request(struct crypto_queue *queue,
+int CRYPTO_API(crypto_enqueue_request)(struct crypto_queue *queue,
struct crypto_async_request *request)
{
int err = -EINPROGRESS;
@@ -1013,9 +1013,9 @@ int crypto_enqueue_request(struct crypto_queue *queue,
out:
return err;
}
-EXPORT_SYMBOL_GPL(crypto_enqueue_request);
+DEFINE_CRYPTO_API(crypto_enqueue_request);
-void crypto_enqueue_request_head(struct crypto_queue *queue,
+void CRYPTO_API(crypto_enqueue_request_head)(struct crypto_queue *queue,
struct crypto_async_request *request)
{
if (unlikely(queue->qlen >= queue->max_qlen))
@@ -1024,9 +1024,9 @@ void crypto_enqueue_request_head(struct crypto_queue *queue,
queue->qlen++;
list_add(&request->list, &queue->list);
}
-EXPORT_SYMBOL_GPL(crypto_enqueue_request_head);
+DEFINE_CRYPTO_API(crypto_enqueue_request_head);
-struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
+struct crypto_async_request *CRYPTO_API(crypto_dequeue_request)(struct crypto_queue *queue)
{
struct list_head *request;
@@ -1043,7 +1043,7 @@ struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
return list_entry(request, struct crypto_async_request, list);
}
-EXPORT_SYMBOL_GPL(crypto_dequeue_request);
+DEFINE_CRYPTO_API(crypto_dequeue_request);
static inline void crypto_inc_byte(u8 *a, unsigned int size)
{
@@ -1058,7 +1058,7 @@ static inline void crypto_inc_byte(u8 *a, unsigned int size)
}
}
-void crypto_inc(u8 *a, unsigned int size)
+void CRYPTO_API(crypto_inc)(u8 *a, unsigned int size)
{
__be32 *b = (__be32 *)(a + size);
u32 c;
@@ -1074,16 +1074,16 @@ void crypto_inc(u8 *a, unsigned int size)
crypto_inc_byte(a, size);
}
-EXPORT_SYMBOL_GPL(crypto_inc);
+DEFINE_CRYPTO_API(crypto_inc);
-unsigned int crypto_alg_extsize(struct crypto_alg *alg)
+unsigned int CRYPTO_API(crypto_alg_extsize)(struct crypto_alg *alg)
{
return alg->cra_ctxsize +
(alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1));
}
-EXPORT_SYMBOL_GPL(crypto_alg_extsize);
+DEFINE_CRYPTO_API(crypto_alg_extsize);
-int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
+int CRYPTO_API(crypto_type_has_alg)(const char *name, const struct crypto_type *frontend,
u32 type, u32 mask)
{
int ret = 0;
@@ -1096,7 +1096,7 @@ int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_type_has_alg);
+DEFINE_CRYPTO_API(crypto_type_has_alg);
static void __init crypto_start_tests(void)
{
@@ -1166,8 +1166,8 @@ static void __exit crypto_algapi_exit(void)
* We run this at late_initcall so that all the built-in algorithms
* have had a chance to register themselves first.
*/
-late_initcall(crypto_algapi_init);
-module_exit(crypto_algapi_exit);
+crypto_late_initcall(crypto_algapi_init);
+crypto_module_exit(crypto_algapi_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Cryptographic algorithms API");
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 3c3445523803..1c7907b5e1dc 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -223,3 +223,47 @@ DEFINE_CRYPTO_API_STUB(akcipher_register_instance);
#endif
+/*
+ * crypto/algapi.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI2)
+
+#include <crypto/algapi.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_alg);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_alg);
+DEFINE_CRYPTO_API_STUB(crypto_register_algs);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_algs);
+DEFINE_CRYPTO_API_STUB(crypto_register_template);
+DEFINE_CRYPTO_API_STUB(crypto_register_templates);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_template);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_templates);
+DEFINE_CRYPTO_API_STUB(crypto_lookup_template);
+DEFINE_CRYPTO_API_STUB(crypto_register_instance);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_spawn);
+DEFINE_CRYPTO_API_STUB(crypto_drop_spawn);
+DEFINE_CRYPTO_API_STUB(crypto_spawn_tfm);
+DEFINE_CRYPTO_API_STUB(crypto_spawn_tfm2);
+DEFINE_CRYPTO_API_STUB(crypto_get_attr_type);
+DEFINE_CRYPTO_API_STUB(crypto_check_attr_type);
+DEFINE_CRYPTO_API_STUB(crypto_attr_alg_name);
+DEFINE_CRYPTO_API_STUB(__crypto_inst_setname);
+DEFINE_CRYPTO_API_STUB(crypto_init_queue);
+DEFINE_CRYPTO_API_STUB(crypto_enqueue_request);
+DEFINE_CRYPTO_API_STUB(crypto_enqueue_request_head);
+DEFINE_CRYPTO_API_STUB(crypto_dequeue_request);
+DEFINE_CRYPTO_API_STUB(crypto_inc);
+DEFINE_CRYPTO_API_STUB(crypto_register_notifier);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_notifier);
+
+#include <crypto/internal.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alg_tested);
+DEFINE_CRYPTO_API_STUB(crypto_remove_spawns);
+DEFINE_CRYPTO_API_STUB(crypto_remove_final);
+DEFINE_CRYPTO_API_STUB(crypto_alg_extsize);
+DEFINE_CRYPTO_API_STUB(crypto_type_has_alg);
+
+#endif
+
diff --git a/crypto/internal.h b/crypto/internal.h
index 1000ce8de06c..d823931fd0e2 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_INTERNAL_H
#define _CRYPTO_INTERNAL_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <linux/completion.h>
#include <linux/err.h>
@@ -114,11 +115,16 @@ struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask);
struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask);
void crypto_schedule_test(struct crypto_larval *larval);
-void crypto_alg_tested(struct crypto_alg *alg, int err);
-
-void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
- struct crypto_alg *nalg);
-void crypto_remove_final(struct list_head *list);
+DECLARE_CRYPTO_API(crypto_alg_tested, void,
+ (struct crypto_alg *alg, int err),
+ (alg, err));
+
+DECLARE_CRYPTO_API(crypto_remove_spawns, void,
+ (struct crypto_alg *alg, struct list_head *list, struct crypto_alg *nalg),
+ (alg, list, nalg));
+DECLARE_CRYPTO_API(crypto_remove_final, void,
+ (struct list_head *list),
+ (list));
void crypto_shoot_alg(struct crypto_alg *alg);
struct crypto_tfm *__crypto_alloc_tfmgfp(struct crypto_alg *alg, u32 type,
u32 mask, gfp_t gfp);
@@ -151,10 +157,13 @@ static inline void *crypto_alloc_tfm(const char *alg_name,
int crypto_probing_notify(unsigned long val, void *v);
-unsigned int crypto_alg_extsize(struct crypto_alg *alg);
+DECLARE_CRYPTO_API(crypto_alg_extsize, unsigned int,
+ (struct crypto_alg *alg),
+ (alg));
-int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_type_has_alg, int,
+ (const char *name, const struct crypto_type *frontend, u32 type, u32 mask),
+ (name, frontend, type, mask));
static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg)
{
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
index fc4574940636..9d7505b7f029 100644
--- a/include/crypto/algapi.h
+++ b/include/crypto/algapi.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_ALGAPI_H
#define _CRYPTO_ALGAPI_H
+#include <crypto/api.h>
#include <crypto/utils.h>
#include <linux/align.h>
#include <linux/cache.h>
@@ -119,35 +120,69 @@ struct crypto_attr_type {
/*
* Algorithm registration interface.
*/
-int crypto_register_alg(struct crypto_alg *alg);
-void crypto_unregister_alg(struct crypto_alg *alg);
-int crypto_register_algs(struct crypto_alg *algs, int count);
-void crypto_unregister_algs(struct crypto_alg *algs, int count);
+DECLARE_CRYPTO_API(crypto_register_alg, int,
+ (struct crypto_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_alg, void,
+ (struct crypto_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_algs, int,
+ (struct crypto_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_algs, void,
+ (struct crypto_alg *algs, int count),
+ (algs, count));
void crypto_mod_put(struct crypto_alg *alg);
-int crypto_register_template(struct crypto_template *tmpl);
-int crypto_register_templates(struct crypto_template *tmpls, int count);
-void crypto_unregister_template(struct crypto_template *tmpl);
-void crypto_unregister_templates(struct crypto_template *tmpls, int count);
-struct crypto_template *crypto_lookup_template(const char *name);
-
-int crypto_register_instance(struct crypto_template *tmpl,
- struct crypto_instance *inst);
-void crypto_unregister_instance(struct crypto_instance *inst);
-
-int crypto_grab_spawn(struct crypto_spawn *spawn, struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
-void crypto_drop_spawn(struct crypto_spawn *spawn);
-struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
- u32 mask);
-void *crypto_spawn_tfm2(struct crypto_spawn *spawn);
-
-struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb);
-int crypto_check_attr_type(struct rtattr **tb, u32 type, u32 *mask_ret);
-const char *crypto_attr_alg_name(struct rtattr *rta);
-int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
- const char *driver, struct crypto_alg *alg);
+DECLARE_CRYPTO_API(crypto_register_template, int,
+ (struct crypto_template *tmpl),
+ (tmpl));
+DECLARE_CRYPTO_API(crypto_register_templates, int,
+ (struct crypto_template *tmpls, int count),
+ (tmpls, count));
+DECLARE_CRYPTO_API(crypto_unregister_template, void,
+ (struct crypto_template *tmpl),
+ (tmpl));
+DECLARE_CRYPTO_API(crypto_unregister_templates, void,
+ (struct crypto_template *tmpls, int count),
+ (tmpls, count));
+DECLARE_CRYPTO_API(crypto_lookup_template, struct crypto_template *,
+ (const char *name),
+ (name));
+
+DECLARE_CRYPTO_API(crypto_register_instance, int,
+ (struct crypto_template *tmpl, struct crypto_instance *inst),
+ (tmpl, inst));
+DECLARE_CRYPTO_API(crypto_unregister_instance, void,
+ (struct crypto_instance *inst),
+ (inst));
+
+DECLARE_CRYPTO_API(crypto_grab_spawn, int,
+ (struct crypto_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
+DECLARE_CRYPTO_API(crypto_drop_spawn, void,
+ (struct crypto_spawn *spawn),
+ (spawn));
+DECLARE_CRYPTO_API(crypto_spawn_tfm, struct crypto_tfm *,
+ (struct crypto_spawn *spawn, u32 type, u32 mask),
+ (spawn, type, mask));
+DECLARE_CRYPTO_API(crypto_spawn_tfm2, void *,
+ (struct crypto_spawn *spawn),
+ (spawn));
+
+DECLARE_CRYPTO_API(crypto_get_attr_type, struct crypto_attr_type *,
+ (struct rtattr **tb),
+ (tb));
+DECLARE_CRYPTO_API(crypto_check_attr_type, int,
+ (struct rtattr **tb, u32 type, u32 *mask_ret),
+ (tb, type, mask_ret));
+DECLARE_CRYPTO_API(crypto_attr_alg_name, const char *,
+ (struct rtattr *rta),
+ (rta));
+DECLARE_CRYPTO_API(__crypto_inst_setname, int,
+ (struct crypto_instance *inst, const char *name, const char *driver, struct crypto_alg *alg),
+ (inst, name, driver, alg));
#define crypto_inst_setname(inst, name, ...) \
CONCATENATE(crypto_inst_setname_, COUNT_ARGS(__VA_ARGS__))( \
@@ -157,18 +192,26 @@ int __crypto_inst_setname(struct crypto_instance *inst, const char *name,
#define crypto_inst_setname_2(inst, name, driver, alg) \
__crypto_inst_setname(inst, name, driver, alg)
-void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen);
-int crypto_enqueue_request(struct crypto_queue *queue,
- struct crypto_async_request *request);
-void crypto_enqueue_request_head(struct crypto_queue *queue,
- struct crypto_async_request *request);
-struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue);
+DECLARE_CRYPTO_API(crypto_init_queue, void,
+ (struct crypto_queue *queue, unsigned int max_qlen),
+ (queue, max_qlen));
+DECLARE_CRYPTO_API(crypto_enqueue_request, int,
+ (struct crypto_queue *queue, struct crypto_async_request *request),
+ (queue, request));
+DECLARE_CRYPTO_API(crypto_enqueue_request_head, void,
+ (struct crypto_queue *queue, struct crypto_async_request *request),
+ (queue, request));
+DECLARE_CRYPTO_API(crypto_dequeue_request, struct crypto_async_request *,
+ (struct crypto_queue *queue),
+ (queue));
static inline unsigned int crypto_queue_len(struct crypto_queue *queue)
{
return queue->qlen;
}
-void crypto_inc(u8 *a, unsigned int size);
+DECLARE_CRYPTO_API(crypto_inc, void,
+ (u8 *a, unsigned int size),
+ (a, size));
static inline void *crypto_tfm_ctx(struct crypto_tfm *tfm)
{
@@ -242,8 +285,12 @@ static inline u32 crypto_algt_inherited_mask(struct crypto_attr_type *algt)
return crypto_requires_off(algt, CRYPTO_ALG_INHERITED_FLAGS);
}
-int crypto_register_notifier(struct notifier_block *nb);
-int crypto_unregister_notifier(struct notifier_block *nb);
+DECLARE_CRYPTO_API(crypto_register_notifier, int,
+ (struct notifier_block *nb),
+ (nb));
+DECLARE_CRYPTO_API(crypto_unregister_notifier, int,
+ (struct notifier_block *nb),
+ (nb));
/* Crypto notification events. */
enum {
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 041/104] crypto: fips140: convert crypto/cmac.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_CMAC --source crypto/cmac.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/cmac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/cmac.c b/crypto/cmac.c
index 1b03964abe00..f898c4612312 100644
--- a/crypto/cmac.c
+++ b/crypto/cmac.c
@@ -251,8 +251,8 @@ static void __exit crypto_cmac_module_exit(void)
crypto_unregister_template(&crypto_cmac_tmpl);
}
-module_init(crypto_cmac_module_init);
-module_exit(crypto_cmac_module_exit);
+crypto_module_init(crypto_cmac_module_init);
+crypto_module_exit(crypto_cmac_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("CMAC keyed hash algorithm");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 040/104] crypto: fips140: convert crypto/cipher.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO --source crypto/cipher.c --header include/crypto/internal/cipher.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/cipher.c | 16 ++++++++--------
crypto/fips140-api.c | 14 ++++++++++++++
include/crypto/internal/cipher.h | 20 +++++++++++++-------
3 files changed, 35 insertions(+), 15 deletions(-)
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 1fe62bf79656..7aeb577ac388 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -39,7 +39,7 @@ static int setkey_unaligned(struct crypto_cipher *tfm, const u8 *key,
}
-int crypto_cipher_setkey(struct crypto_cipher *tfm,
+int CRYPTO_API(crypto_cipher_setkey)(struct crypto_cipher *tfm,
const u8 *key, unsigned int keylen)
{
struct cipher_alg *cia = crypto_cipher_alg(tfm);
@@ -53,7 +53,7 @@ int crypto_cipher_setkey(struct crypto_cipher *tfm,
return cia->cia_setkey(crypto_cipher_tfm(tfm), key, keylen);
}
-EXPORT_SYMBOL_NS_GPL(crypto_cipher_setkey, "CRYPTO_INTERNAL");
+DEFINE_CRYPTO_API(crypto_cipher_setkey);
static inline void cipher_crypt_one(struct crypto_cipher *tfm,
u8 *dst, const u8 *src, bool enc)
@@ -76,21 +76,21 @@ static inline void cipher_crypt_one(struct crypto_cipher *tfm,
}
}
-void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
+void CRYPTO_API(crypto_cipher_encrypt_one)(struct crypto_cipher *tfm,
u8 *dst, const u8 *src)
{
cipher_crypt_one(tfm, dst, src, true);
}
-EXPORT_SYMBOL_NS_GPL(crypto_cipher_encrypt_one, "CRYPTO_INTERNAL");
+DEFINE_CRYPTO_API(crypto_cipher_encrypt_one);
-void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
+void CRYPTO_API(crypto_cipher_decrypt_one)(struct crypto_cipher *tfm,
u8 *dst, const u8 *src)
{
cipher_crypt_one(tfm, dst, src, false);
}
-EXPORT_SYMBOL_NS_GPL(crypto_cipher_decrypt_one, "CRYPTO_INTERNAL");
+DEFINE_CRYPTO_API(crypto_cipher_decrypt_one);
-struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher)
+struct crypto_cipher *CRYPTO_API(crypto_clone_cipher)(struct crypto_cipher *cipher)
{
struct crypto_tfm *tfm = crypto_cipher_tfm(cipher);
struct crypto_alg *alg = tfm->__crt_alg;
@@ -116,4 +116,4 @@ struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher)
return ncipher;
}
-EXPORT_SYMBOL_GPL(crypto_clone_cipher);
+DEFINE_CRYPTO_API(crypto_clone_cipher);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index df1dfcd5cf22..c05fc645a5b6 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -313,3 +313,17 @@ DEFINE_CRYPTO_API_STUB(crypto_authenc_extractkeys);
#endif
+/*
+ * crypto/cipher.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO)
+
+#include <crypto/internal/cipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_cipher_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_cipher_encrypt_one);
+DEFINE_CRYPTO_API_STUB(crypto_cipher_decrypt_one);
+DEFINE_CRYPTO_API_STUB(crypto_clone_cipher);
+
+#endif
+
diff --git a/include/crypto/internal/cipher.h b/include/crypto/internal/cipher.h
index 5030f6d2df31..13c48b20879c 100644
--- a/include/crypto/internal/cipher.h
+++ b/include/crypto/internal/cipher.h
@@ -11,6 +11,7 @@
#ifndef _CRYPTO_INTERNAL_CIPHER_H
#define _CRYPTO_INTERNAL_CIPHER_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
struct crypto_cipher {
@@ -149,8 +150,9 @@ static inline void crypto_cipher_clear_flags(struct crypto_cipher *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_cipher_setkey(struct crypto_cipher *tfm,
- const u8 *key, unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_cipher_setkey, int,
+ (struct crypto_cipher *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
/**
* crypto_cipher_encrypt_one() - encrypt one block of plaintext
@@ -161,8 +163,9 @@ int crypto_cipher_setkey(struct crypto_cipher *tfm,
* Invoke the encryption operation of one block. The caller must ensure that
* the plaintext and ciphertext buffers are at least one block in size.
*/
-void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
- u8 *dst, const u8 *src);
+DECLARE_CRYPTO_API(crypto_cipher_encrypt_one, void,
+ (struct crypto_cipher *tfm, u8 *dst, const u8 *src),
+ (tfm, dst, src));
/**
* crypto_cipher_decrypt_one() - decrypt one block of ciphertext
@@ -173,10 +176,13 @@ void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
* Invoke the decryption operation of one block. The caller must ensure that
* the plaintext and ciphertext buffers are at least one block in size.
*/
-void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
- u8 *dst, const u8 *src);
+DECLARE_CRYPTO_API(crypto_cipher_decrypt_one, void,
+ (struct crypto_cipher *tfm, u8 *dst, const u8 *src),
+ (tfm, dst, src));
-struct crypto_cipher *crypto_clone_cipher(struct crypto_cipher *cipher);
+DECLARE_CRYPTO_API(crypto_clone_cipher, struct crypto_cipher *,
+ (struct crypto_cipher *cipher),
+ (cipher));
struct crypto_cipher_spawn {
struct crypto_spawn base;
--
2.39.3
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox