* [PATCH RFC 087/104] crypto: fips140: convert crypto/asymmetric_keys/x509_loader.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_X509_CERTIFICATE_PARSER --source crypto/asymmetric_keys/x509_loader.c --header include/keys/asymmetric-type.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/x509_loader.c | 4 ++--
crypto/fips140-api.c | 11 +++++++++++
include/keys/asymmetric-type.h | 5 +++--
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_loader.c b/crypto/asymmetric_keys/x509_loader.c
index a41741326998..a480763b1649 100644
--- a/crypto/asymmetric_keys/x509_loader.c
+++ b/crypto/asymmetric_keys/x509_loader.c
@@ -4,7 +4,7 @@
#include <linux/key.h>
#include <keys/asymmetric-type.h>
-int x509_load_certificate_list(const u8 cert_list[],
+int CRYPTO_API(x509_load_certificate_list)(const u8 cert_list[],
const unsigned long list_size,
const struct key *keyring)
{
@@ -55,4 +55,4 @@ int x509_load_certificate_list(const u8 cert_list[],
pr_err("Problem parsing in-kernel X.509 certificate list\n");
return 0;
}
-EXPORT_SYMBOL_GPL(x509_load_certificate_list);
+DEFINE_CRYPTO_API(x509_load_certificate_list);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index db5b142e21df..91812ed74f8a 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -713,3 +713,14 @@ DEFINE_CRYPTO_API_STUB(x509_decode_time);
#endif
+/*
+ * crypto/asymmetric_keys/x509_loader.c
+ */
+#if !IS_BUILTIN(CONFIG_X509_CERTIFICATE_PARSER)
+
+#include <keys/asymmetric-type.h>
+
+DEFINE_CRYPTO_API_STUB(x509_load_certificate_list);
+
+#endif
+
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index fb7f82527978..ee1bf9b28bfd 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -84,8 +84,9 @@ DECLARE_CRYPTO_API(find_asymmetric_key, struct key *,
(struct key *keyring, const struct asymmetric_key_id *id_0, const struct asymmetric_key_id *id_1, const struct asymmetric_key_id *id_2, bool partial),
(keyring, id_0, id_1, id_2, partial));
-int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size,
- const struct key *keyring);
+DECLARE_CRYPTO_API(x509_load_certificate_list, int,
+ (const u8 cert_list[], const unsigned long list_size, const struct key *keyring),
+ (cert_list, list_size, keyring));
/*
* The payload is at the discretion of the subtype.
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 086/104] crypto: fips140: convert crypto/asymmetric_keys/x509_cert_parser.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_X509_CERTIFICATE_PARSER --source crypto/asymmetric_keys/x509_cert_parser.c --header crypto/asymmetric_keys/x509_parser.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/x509_cert_parser.c | 12 ++++++------
crypto/asymmetric_keys/x509_parser.h | 15 ++++++++++-----
crypto/fips140-api.c | 13 +++++++++++++
3 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 2ffe4ae90bea..aae629557e8d 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -41,7 +41,7 @@ struct x509_parse_context {
/*
* Free an X.509 certificate
*/
-void x509_free_certificate(struct x509_certificate *cert)
+void CRYPTO_API(x509_free_certificate)(struct x509_certificate *cert)
{
if (cert) {
public_key_free(cert->pub);
@@ -53,12 +53,12 @@ void x509_free_certificate(struct x509_certificate *cert)
kfree(cert);
}
}
-EXPORT_SYMBOL_GPL(x509_free_certificate);
+DEFINE_CRYPTO_API(x509_free_certificate);
/*
* Parse an X.509 certificate
*/
-struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
+struct x509_certificate *CRYPTO_API(x509_cert_parse)(const void *data, size_t datalen)
{
struct x509_certificate *cert __free(x509_free_certificate);
struct x509_parse_context *ctx __free(kfree) = NULL;
@@ -132,7 +132,7 @@ struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
return_ptr(cert);
}
-EXPORT_SYMBOL_GPL(x509_cert_parse);
+DEFINE_CRYPTO_API(x509_cert_parse);
/*
* Note an OID when we find one for later processing when we know how
@@ -649,7 +649,7 @@ int x509_process_extension(void *context, size_t hdrlen,
* applications MUST be able to process validity dates that are encoded in
* either UTCTime or GeneralizedTime.
*/
-int x509_decode_time(time64_t *_t, size_t hdrlen,
+int CRYPTO_API(x509_decode_time)(time64_t *_t, size_t hdrlen,
unsigned char tag,
const unsigned char *value, size_t vlen)
{
@@ -724,7 +724,7 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
tag, (int)vlen, value);
return -EBADMSG;
}
-EXPORT_SYMBOL_GPL(x509_decode_time);
+DEFINE_CRYPTO_API(x509_decode_time);
int x509_note_not_before(void *context, size_t hdrlen,
unsigned char tag,
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 0688c222806b..79342e8e8bd9 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -5,6 +5,7 @@
* Written by David Howells (dhowells@redhat.com)
*/
+#include <crypto/api.h>
#include <linux/cleanup.h>
#include <linux/time.h>
#include <crypto/public_key.h>
@@ -44,13 +45,17 @@ struct x509_certificate {
/*
* x509_cert_parser.c
*/
-extern void x509_free_certificate(struct x509_certificate *cert);
+DECLARE_CRYPTO_API(x509_free_certificate, void,
+ (struct x509_certificate *cert),
+ (cert));
DEFINE_FREE(x509_free_certificate, struct x509_certificate *,
if (!IS_ERR(_T)) x509_free_certificate(_T))
-extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
-extern int x509_decode_time(time64_t *_t, size_t hdrlen,
- unsigned char tag,
- const unsigned char *value, size_t vlen);
+DECLARE_CRYPTO_API(x509_cert_parse, struct x509_certificate *,
+ (const void *data, size_t datalen),
+ (data, datalen));
+DECLARE_CRYPTO_API(x509_decode_time, int,
+ (time64_t *_t, size_t hdrlen, unsigned char tag, const unsigned char *value, size_t vlen),
+ (_t, hdrlen, tag, value, vlen));
/*
* x509_public_key.c
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 5c245b1be2ba..db5b142e21df 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -700,3 +700,16 @@ DEFINE_CRYPTO_API_STUB(verify_signature);
#endif
+/*
+ * crypto/asymmetric_keys/x509_cert_parser.c
+ */
+#if !IS_BUILTIN(CONFIG_X509_CERTIFICATE_PARSER)
+
+#include <crypto/asymmetric_keys/x509_parser.h>
+
+DEFINE_CRYPTO_API_STUB(x509_free_certificate);
+DEFINE_CRYPTO_API_STUB(x509_cert_parse);
+DEFINE_CRYPTO_API_STUB(x509_decode_time);
+
+#endif
+
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 085/104] crypto: fips140: convert crypto/asymmetric_keys/signature.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_ASYMMETRIC_KEY_TYPE --source crypto/asymmetric_keys/signature.c --header include/crypto/public_key.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/signature.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/public_key.h | 14 +++++++++-----
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c
index 041d04b5c953..06ae0a49222c 100644
--- a/crypto/asymmetric_keys/signature.c
+++ b/crypto/asymmetric_keys/signature.c
@@ -20,7 +20,7 @@
/*
* Destroy a public key signature.
*/
-void public_key_signature_free(struct public_key_signature *sig)
+void CRYPTO_API(public_key_signature_free)(struct public_key_signature *sig)
{
int i;
@@ -32,14 +32,14 @@ void public_key_signature_free(struct public_key_signature *sig)
kfree(sig);
}
}
-EXPORT_SYMBOL_GPL(public_key_signature_free);
+DEFINE_CRYPTO_API(public_key_signature_free);
/**
* query_asymmetric_key - Get information about an asymmetric key.
* @params: Various parameters.
* @info: Where to put the information.
*/
-int query_asymmetric_key(const struct kernel_pkey_params *params,
+int CRYPTO_API(query_asymmetric_key)(const struct kernel_pkey_params *params,
struct kernel_pkey_query *info)
{
const struct asymmetric_key_subtype *subtype;
@@ -62,7 +62,7 @@ int query_asymmetric_key(const struct kernel_pkey_params *params,
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
}
-EXPORT_SYMBOL_GPL(query_asymmetric_key);
+DEFINE_CRYPTO_API(query_asymmetric_key);
/**
* verify_signature - Initiate the use of an asymmetric key to verify a signature
@@ -71,7 +71,7 @@ EXPORT_SYMBOL_GPL(query_asymmetric_key);
*
* Returns 0 if successful or else an error.
*/
-int verify_signature(const struct key *key,
+int CRYPTO_API(verify_signature)(const struct key *key,
const struct public_key_signature *sig)
{
const struct asymmetric_key_subtype *subtype;
@@ -93,4 +93,4 @@ int verify_signature(const struct key *key,
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
}
-EXPORT_SYMBOL_GPL(verify_signature);
+DEFINE_CRYPTO_API(verify_signature);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 49e89f4bdddb..5c245b1be2ba 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -687,3 +687,16 @@ DEFINE_CRYPTO_API_STUB(public_key_verify_signature);
#endif
+/*
+ * crypto/asymmetric_keys/signature.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(public_key_signature_free);
+DEFINE_CRYPTO_API_STUB(query_asymmetric_key);
+DEFINE_CRYPTO_API_STUB(verify_signature);
+
+#endif
+
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 46e6e14b8559..c8f30adbd655 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -54,7 +54,9 @@ struct public_key_signature {
const char *encoding;
};
-extern void public_key_signature_free(struct public_key_signature *sig);
+DECLARE_CRYPTO_API(public_key_signature_free, void,
+ (struct public_key_signature *sig),
+ (sig));
extern struct asymmetric_key_subtype public_key_subtype;
@@ -104,11 +106,13 @@ static inline int restrict_link_by_digsig(struct key *dest_keyring,
}
#endif
-extern int query_asymmetric_key(const struct kernel_pkey_params *,
- struct kernel_pkey_query *);
+DECLARE_CRYPTO_API(query_asymmetric_key, int,
+ (const struct kernel_pkey_params *arg1, struct kernel_pkey_query *arg2),
+ (arg1, arg2));
-extern int verify_signature(const struct key *,
- const struct public_key_signature *);
+DECLARE_CRYPTO_API(verify_signature, int,
+ (const struct key *arg1, const struct public_key_signature *arg2),
+ (arg1, arg2));
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
DECLARE_CRYPTO_API(public_key_verify_signature, int,
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 082/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs8_parser.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS8_PRIVATE_KEY_PARSER --source crypto/asymmetric_keys/pkcs8_parser.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs8_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs8_parser.c b/crypto/asymmetric_keys/pkcs8_parser.c
index 105dcce27f71..f26464639232 100644
--- a/crypto/asymmetric_keys/pkcs8_parser.c
+++ b/crypto/asymmetric_keys/pkcs8_parser.c
@@ -173,8 +173,8 @@ static void __exit pkcs8_key_exit(void)
unregister_asymmetric_key_parser(&pkcs8_key_parser);
}
-module_init(pkcs8_key_init);
-module_exit(pkcs8_key_exit);
+crypto_module_init(pkcs8_key_init);
+crypto_module_exit(pkcs8_key_exit);
MODULE_DESCRIPTION("PKCS#8 certificate parser");
MODULE_LICENSE("GPL");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 084/104] crypto: fips140: convert crypto/asymmetric_keys/selftest.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_FIPS_SIGNATURE_SELFTEST --source crypto/asymmetric_keys/selftest.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/selftest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/selftest.c b/crypto/asymmetric_keys/selftest.c
index 98dc5cdfdebe..4f3b6ef85d1b 100644
--- a/crypto/asymmetric_keys/selftest.c
+++ b/crypto/asymmetric_keys/selftest.c
@@ -65,7 +65,7 @@ static int __init fips_signature_selftest_init(void)
return 0;
}
-late_initcall(fips_signature_selftest_init);
+crypto_late_initcall(fips_signature_selftest_init);
MODULE_DESCRIPTION("X.509 self tests");
MODULE_AUTHOR("Red Hat, Inc.");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 083/104] crypto: fips140: convert crypto/asymmetric_keys/public_key.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE --source crypto/asymmetric_keys/public_key.c --header include/crypto/public_key.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/public_key.c | 8 ++++----
crypto/fips140-api.c | 12 ++++++++++++
include/crypto/public_key.h | 10 +++++++---
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index e5b177c8e842..a35689994302 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -39,7 +39,7 @@ static void public_key_describe(const struct key *asymmetric_key,
/*
* Destroy a public key algorithm key.
*/
-void public_key_free(struct public_key *key)
+void CRYPTO_API(public_key_free)(struct public_key *key)
{
if (key) {
kfree_sensitive(key->key);
@@ -47,7 +47,7 @@ void public_key_free(struct public_key *key)
kfree(key);
}
}
-EXPORT_SYMBOL_GPL(public_key_free);
+DEFINE_CRYPTO_API(public_key_free);
/*
* Destroy a public key algorithm key.
@@ -365,7 +365,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params,
/*
* Verify a signature using a public key.
*/
-int public_key_verify_signature(const struct public_key *pkey,
+int CRYPTO_API(public_key_verify_signature)(const struct public_key *pkey,
const struct public_key_signature *sig)
{
char alg_name[CRYPTO_MAX_ALG_NAME];
@@ -437,7 +437,7 @@ int public_key_verify_signature(const struct public_key *pkey,
ret = -EINVAL;
return ret;
}
-EXPORT_SYMBOL_GPL(public_key_verify_signature);
+DEFINE_CRYPTO_API(public_key_verify_signature);
static int public_key_verify_signature_2(const struct key *key,
const struct public_key_signature *sig)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index fb3dc947022a..49e89f4bdddb 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -675,3 +675,15 @@ DEFINE_CRYPTO_API_STUB(pkcs7_supply_detached_data);
#endif
+/*
+ * crypto/asymmetric_keys/public_key.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(public_key_free);
+DEFINE_CRYPTO_API_STUB(public_key_verify_signature);
+
+#endif
+
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 81098e00c08f..46e6e14b8559 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -10,6 +10,7 @@
#ifndef _LINUX_PUBLIC_KEY_H
#define _LINUX_PUBLIC_KEY_H
+#include <crypto/api.h>
#include <linux/errno.h>
#include <linux/keyctl.h>
#include <linux/oid_registry.h>
@@ -35,7 +36,9 @@ struct public_key {
#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
};
-extern void public_key_free(struct public_key *key);
+DECLARE_CRYPTO_API(public_key_free, void,
+ (struct public_key *key),
+ (key));
/*
* Public key cryptography signature data
@@ -108,8 +111,9 @@ extern int verify_signature(const struct key *,
const struct public_key_signature *);
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
-int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig);
+DECLARE_CRYPTO_API(public_key_verify_signature, int,
+ (const struct public_key *pkey, const struct public_key_signature *sig),
+ (pkey, sig));
#else
static inline
int public_key_verify_signature(const struct public_key *pkey,
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 081/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_verify.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_MESSAGE_PARSER --source crypto/asymmetric_keys/pkcs7_verify.c --header include/crypto/pkcs7.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_verify.c | 8 ++++----
crypto/fips140-api.c | 12 ++++++++++++
include/crypto/pkcs7.h | 10 ++++++----
3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index f0d4ff3c20a8..ebb86a8ace9c 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -391,7 +391,7 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
* (*) -ENOPKG if none of the signature chains are verifiable because suitable
* crypto modules couldn't be found.
*/
-int pkcs7_verify(struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_verify)(struct pkcs7_message *pkcs7,
enum key_being_used_for usage)
{
struct pkcs7_signed_info *sinfo;
@@ -459,7 +459,7 @@ int pkcs7_verify(struct pkcs7_message *pkcs7,
kleave(" = %d", actual_ret);
return actual_ret;
}
-EXPORT_SYMBOL_GPL(pkcs7_verify);
+DEFINE_CRYPTO_API(pkcs7_verify);
/**
* pkcs7_supply_detached_data - Supply the data needed to verify a PKCS#7 message
@@ -474,7 +474,7 @@ EXPORT_SYMBOL_GPL(pkcs7_verify);
*
* Returns -EINVAL if data is already supplied in the message, 0 otherwise.
*/
-int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_supply_detached_data)(struct pkcs7_message *pkcs7,
const void *data, size_t datalen)
{
if (pkcs7->data) {
@@ -485,4 +485,4 @@ int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
pkcs7->data_len = datalen;
return 0;
}
-EXPORT_SYMBOL_GPL(pkcs7_supply_detached_data);
+DEFINE_CRYPTO_API(pkcs7_supply_detached_data);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index f65b2a950ccf..fb3dc947022a 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -663,3 +663,15 @@ DEFINE_CRYPTO_API_STUB(pkcs7_validate_trust);
#endif
+/*
+ * crypto/asymmetric_keys/pkcs7_verify.c
+ */
+#if !IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)
+
+#include <crypto/pkcs7.h>
+
+DEFINE_CRYPTO_API_STUB(pkcs7_verify);
+DEFINE_CRYPTO_API_STUB(pkcs7_supply_detached_data);
+
+#endif
+
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index bec3884eb242..f5e288073934 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -40,11 +40,13 @@ DECLARE_CRYPTO_API(pkcs7_validate_trust, int,
/*
* pkcs7_verify.c
*/
-extern int pkcs7_verify(struct pkcs7_message *pkcs7,
- enum key_being_used_for usage);
+DECLARE_CRYPTO_API(pkcs7_verify, int,
+ (struct pkcs7_message *pkcs7, enum key_being_used_for usage),
+ (pkcs7, usage));
-extern int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
- const void *data, size_t datalen);
+DECLARE_CRYPTO_API(pkcs7_supply_detached_data, int,
+ (struct pkcs7_message *pkcs7, const void *data, size_t datalen),
+ (pkcs7, data, datalen));
extern int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf,
u32 *len, enum hash_algo *hash_algo);
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 080/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_trust.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_MESSAGE_PARSER --source crypto/asymmetric_keys/pkcs7_trust.c --header include/crypto/pkcs7.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_trust.c | 4 ++--
crypto/fips140-api.c | 11 +++++++++++
include/crypto/pkcs7.h | 5 +++--
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 9a87c34ed173..0c04ba146ab6 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -155,7 +155,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
*
* May also return -ENOMEM.
*/
-int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_validate_trust)(struct pkcs7_message *pkcs7,
struct key *trust_keyring)
{
struct pkcs7_signed_info *sinfo;
@@ -185,4 +185,4 @@ int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
return cached_ret;
}
-EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
+DEFINE_CRYPTO_API(pkcs7_validate_trust);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 36d7cd3595a9..f65b2a950ccf 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -652,3 +652,14 @@ DEFINE_CRYPTO_API_STUB(pkcs7_get_content_data);
#endif
+/*
+ * crypto/asymmetric_keys/pkcs7_trust.c
+ */
+#if !IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)
+
+#include <crypto/pkcs7.h>
+
+DEFINE_CRYPTO_API_STUB(pkcs7_validate_trust);
+
+#endif
+
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index fcb744d3f436..bec3884eb242 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -33,8 +33,9 @@ DECLARE_CRYPTO_API(pkcs7_get_content_data, int,
/*
* pkcs7_trust.c
*/
-extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
- struct key *trust_keyring);
+DECLARE_CRYPTO_API(pkcs7_validate_trust, int,
+ (struct pkcs7_message *pkcs7, struct key *trust_keyring),
+ (pkcs7, trust_keyring));
/*
* pkcs7_verify.c
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 079/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_parser.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_MESSAGE_PARSER --source crypto/asymmetric_keys/pkcs7_parser.c --header include/crypto/pkcs7.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_parser.c | 12 ++++++------
crypto/fips140-api.c | 13 +++++++++++++
include/crypto/pkcs7.h | 18 +++++++++++-------
3 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 423d13c47545..68e70ec19d4d 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -54,7 +54,7 @@ static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
* pkcs7_free_message - Free a PKCS#7 message
* @pkcs7: The PKCS#7 message to free
*/
-void pkcs7_free_message(struct pkcs7_message *pkcs7)
+void CRYPTO_API(pkcs7_free_message)(struct pkcs7_message *pkcs7)
{
struct x509_certificate *cert;
struct pkcs7_signed_info *sinfo;
@@ -78,7 +78,7 @@ void pkcs7_free_message(struct pkcs7_message *pkcs7)
kfree(pkcs7);
}
}
-EXPORT_SYMBOL_GPL(pkcs7_free_message);
+DEFINE_CRYPTO_API(pkcs7_free_message);
/*
* Check authenticatedAttributes are provided or not provided consistently.
@@ -112,7 +112,7 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg)
* @data: The raw binary ASN.1 encoded message to be parsed
* @datalen: The size of the encoded message
*/
-struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
+struct pkcs7_message *CRYPTO_API(pkcs7_parse_message)(const void *data, size_t datalen)
{
struct pkcs7_parse_context *ctx;
struct pkcs7_message *msg = ERR_PTR(-ENOMEM);
@@ -167,7 +167,7 @@ struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
out_no_ctx:
return msg;
}
-EXPORT_SYMBOL_GPL(pkcs7_parse_message);
+DEFINE_CRYPTO_API(pkcs7_parse_message);
/**
* pkcs7_get_content_data - Get access to the PKCS#7 content
@@ -182,7 +182,7 @@ EXPORT_SYMBOL_GPL(pkcs7_parse_message);
*
* Returns -ENODATA if the data object was missing from the message.
*/
-int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
+int CRYPTO_API(pkcs7_get_content_data)(const struct pkcs7_message *pkcs7,
const void **_data, size_t *_data_len,
size_t *_headerlen)
{
@@ -195,7 +195,7 @@ int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
*_headerlen = pkcs7->data_hdrlen;
return 0;
}
-EXPORT_SYMBOL_GPL(pkcs7_get_content_data);
+DEFINE_CRYPTO_API(pkcs7_get_content_data);
/*
* Note an OID when we find one for later processing when we know how
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 81d920836e1b..36d7cd3595a9 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -639,3 +639,16 @@ DEFINE_CRYPTO_API_STUB(find_asymmetric_key);
#endif
+/*
+ * crypto/asymmetric_keys/pkcs7_parser.c
+ */
+#if !IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)
+
+#include <crypto/pkcs7.h>
+
+DEFINE_CRYPTO_API_STUB(pkcs7_parse_message);
+DEFINE_CRYPTO_API_STUB(pkcs7_free_message);
+DEFINE_CRYPTO_API_STUB(pkcs7_get_content_data);
+
+#endif
+
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index 38ec7f5f9041..fcb744d3f436 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -8,6 +8,7 @@
#ifndef _CRYPTO_PKCS7_H
#define _CRYPTO_PKCS7_H
+#include <crypto/api.h>
#include <linux/verification.h>
#include <linux/hash_info.h>
#include <crypto/public_key.h>
@@ -18,13 +19,16 @@ struct pkcs7_message;
/*
* pkcs7_parser.c
*/
-extern struct pkcs7_message *pkcs7_parse_message(const void *data,
- size_t datalen);
-extern void pkcs7_free_message(struct pkcs7_message *pkcs7);
-
-extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
- const void **_data, size_t *_datalen,
- size_t *_headerlen);
+DECLARE_CRYPTO_API(pkcs7_parse_message, struct pkcs7_message *,
+ (const void *data, size_t datalen),
+ (data, datalen));
+DECLARE_CRYPTO_API(pkcs7_free_message, void,
+ (struct pkcs7_message *pkcs7),
+ (pkcs7));
+
+DECLARE_CRYPTO_API(pkcs7_get_content_data, int,
+ (const struct pkcs7_message *pkcs7, const void **_data, size_t *_datalen, size_t *_headerlen),
+ (pkcs7, _data, _datalen, _headerlen));
/*
* pkcs7_trust.c
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 078/104] crypto: fips140: convert crypto/asymmetric_keys/pkcs7_key_type.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_PKCS7_TEST_KEY --source crypto/asymmetric_keys/pkcs7_key_type.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/pkcs7_key_type.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index e71be8b5b0f2..6566c74665fd 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -92,5 +92,5 @@ static void __exit pkcs7_key_cleanup(void)
unregister_key_type(&key_type_pkcs7);
}
-module_init(pkcs7_key_init);
-module_exit(pkcs7_key_cleanup);
+crypto_module_init(pkcs7_key_init);
+crypto_module_exit(pkcs7_key_cleanup);
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 077/104] crypto: fips140: convert crypto/asymmetric_keys/asymmetric_type.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_ASYMMETRIC_KEY_TYPE --source crypto/asymmetric_keys/asymmetric_type.c --header include/keys/asymmetric-parser.h include/keys/asymmetric-type.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/asymmetric_keys/asymmetric_type.c | 30 ++++++++++++------------
crypto/fips140-api.c | 19 +++++++++++++++
include/keys/asymmetric-parser.h | 8 +++++--
include/keys/asymmetric-type.h | 26 ++++++++++----------
4 files changed, 53 insertions(+), 30 deletions(-)
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index ba2d9d1ea235..7c0a73d17eb9 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -38,7 +38,7 @@ static DECLARE_RWSEM(asymmetric_key_parsers_sem);
* exactly. If both are missing, id_2 must match the sought key's third
* identifier exactly.
*/
-struct key *find_asymmetric_key(struct key *keyring,
+struct key *CRYPTO_API(find_asymmetric_key)(struct key *keyring,
const struct asymmetric_key_id *id_0,
const struct asymmetric_key_id *id_1,
const struct asymmetric_key_id *id_2,
@@ -124,7 +124,7 @@ struct key *find_asymmetric_key(struct key *keyring,
key_put(key);
return ERR_PTR(-EKEYREJECTED);
}
-EXPORT_SYMBOL_GPL(find_asymmetric_key);
+DEFINE_CRYPTO_API(find_asymmetric_key);
/**
* asymmetric_key_generate_id: Construct an asymmetric key ID
@@ -135,7 +135,7 @@ EXPORT_SYMBOL_GPL(find_asymmetric_key);
*
* Construct an asymmetric key ID from a pair of binary blobs.
*/
-struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
+struct asymmetric_key_id *CRYPTO_API(asymmetric_key_generate_id)(const void *val_1,
size_t len_1,
const void *val_2,
size_t len_2)
@@ -151,14 +151,14 @@ struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
memcpy(kid->data + len_1, val_2, len_2);
return kid;
}
-EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
+DEFINE_CRYPTO_API(asymmetric_key_generate_id);
/**
* asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
* @kid1: The key ID to compare
* @kid2: The key ID to compare
*/
-bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
+bool CRYPTO_API(asymmetric_key_id_same)(const struct asymmetric_key_id *kid1,
const struct asymmetric_key_id *kid2)
{
if (!kid1 || !kid2)
@@ -167,7 +167,7 @@ bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
return false;
return memcmp(kid1->data, kid2->data, kid1->len) == 0;
}
-EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
+DEFINE_CRYPTO_API(asymmetric_key_id_same);
/**
* asymmetric_key_id_partial - Return true if two asymmetric keys IDs
@@ -175,7 +175,7 @@ EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
* @kid1: The key ID to compare
* @kid2: The key ID to compare
*/
-bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
+bool CRYPTO_API(asymmetric_key_id_partial)(const struct asymmetric_key_id *kid1,
const struct asymmetric_key_id *kid2)
{
if (!kid1 || !kid2)
@@ -185,7 +185,7 @@ bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
return memcmp(kid1->data + (kid1->len - kid2->len),
kid2->data, kid2->len) == 0;
}
-EXPORT_SYMBOL_GPL(asymmetric_key_id_partial);
+DEFINE_CRYPTO_API(asymmetric_key_id_partial);
/**
* asymmetric_match_key_ids - Search asymmetric key IDs 1 & 2
@@ -281,7 +281,7 @@ static bool asymmetric_key_cmp_name(const struct key *key,
const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
const struct asymmetric_key_id *match_id = match_data->preparsed;
- return kids && asymmetric_key_id_same(kids->id[2], match_id);
+ return kids && CRYPTO_API(asymmetric_key_id_same)(kids->id[2], match_id);
}
/*
@@ -617,7 +617,7 @@ EXPORT_SYMBOL_GPL(key_type_asymmetric);
* register_asymmetric_key_parser - Register a asymmetric key blob parser
* @parser: The parser to register
*/
-int register_asymmetric_key_parser(struct asymmetric_key_parser *parser)
+int CRYPTO_API(register_asymmetric_key_parser)(struct asymmetric_key_parser *parser)
{
struct asymmetric_key_parser *cursor;
int ret;
@@ -642,13 +642,13 @@ int register_asymmetric_key_parser(struct asymmetric_key_parser *parser)
up_write(&asymmetric_key_parsers_sem);
return ret;
}
-EXPORT_SYMBOL_GPL(register_asymmetric_key_parser);
+DEFINE_CRYPTO_API(register_asymmetric_key_parser);
/**
* unregister_asymmetric_key_parser - Unregister a asymmetric key blob parser
* @parser: The parser to unregister
*/
-void unregister_asymmetric_key_parser(struct asymmetric_key_parser *parser)
+void CRYPTO_API(unregister_asymmetric_key_parser)(struct asymmetric_key_parser *parser)
{
down_write(&asymmetric_key_parsers_sem);
list_del(&parser->link);
@@ -656,7 +656,7 @@ void unregister_asymmetric_key_parser(struct asymmetric_key_parser *parser)
pr_notice("Asymmetric key parser '%s' unregistered\n", parser->name);
}
-EXPORT_SYMBOL_GPL(unregister_asymmetric_key_parser);
+DEFINE_CRYPTO_API(unregister_asymmetric_key_parser);
/*
* Module stuff
@@ -671,5 +671,5 @@ static void __exit asymmetric_key_cleanup(void)
unregister_key_type(&key_type_asymmetric);
}
-module_init(asymmetric_key_init);
-module_exit(asymmetric_key_cleanup);
+crypto_module_init(asymmetric_key_init);
+crypto_module_exit(asymmetric_key_cleanup);
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 5599cfa963d8..81d920836e1b 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -620,3 +620,22 @@ DEFINE_CRYPTO_API_STUB(alg_test);
#endif
+/*
+ * crypto/asymmetric_keys/asymmetric_type.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_KEY_TYPE)
+
+#include <keys/asymmetric-parser.h>
+
+DEFINE_CRYPTO_API_STUB(register_asymmetric_key_parser);
+DEFINE_CRYPTO_API_STUB(unregister_asymmetric_key_parser);
+
+#include <keys/asymmetric-type.h>
+
+DEFINE_CRYPTO_API_STUB(asymmetric_key_id_same);
+DEFINE_CRYPTO_API_STUB(asymmetric_key_id_partial);
+DEFINE_CRYPTO_API_STUB(asymmetric_key_generate_id);
+DEFINE_CRYPTO_API_STUB(find_asymmetric_key);
+
+#endif
+
diff --git a/include/keys/asymmetric-parser.h b/include/keys/asymmetric-parser.h
index 516a3f51179e..682c82588cee 100644
--- a/include/keys/asymmetric-parser.h
+++ b/include/keys/asymmetric-parser.h
@@ -29,7 +29,11 @@ struct asymmetric_key_parser {
int (*parse)(struct key_preparsed_payload *prep);
};
-extern int register_asymmetric_key_parser(struct asymmetric_key_parser *);
-extern void unregister_asymmetric_key_parser(struct asymmetric_key_parser *);
+DECLARE_CRYPTO_API(register_asymmetric_key_parser, int,
+ (struct asymmetric_key_parser *parser),
+ (parser));
+DECLARE_CRYPTO_API(unregister_asymmetric_key_parser, void,
+ (struct asymmetric_key_parser *parser),
+ (parser));
#endif /* _KEYS_ASYMMETRIC_PARSER_H */
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index 69a13e1e5b2e..fb7f82527978 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -10,6 +10,7 @@
#ifndef _KEYS_ASYMMETRIC_TYPE_H
#define _KEYS_ASYMMETRIC_TYPE_H
+#include <crypto/api.h>
#include <linux/key-type.h>
#include <linux/verification.h>
@@ -56,16 +57,17 @@ struct asymmetric_key_ids {
void *id[3];
};
-extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
- const struct asymmetric_key_id *kid2);
+DECLARE_CRYPTO_API(asymmetric_key_id_same, bool,
+ (const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2),
+ (kid1, kid2));
-extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
- const struct asymmetric_key_id *kid2);
+DECLARE_CRYPTO_API(asymmetric_key_id_partial, bool,
+ (const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2),
+ (kid1, kid2));
-extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
- size_t len_1,
- const void *val_2,
- size_t len_2);
+DECLARE_CRYPTO_API(asymmetric_key_generate_id, struct asymmetric_key_id *,
+ (const void *val_1, size_t len_1, const void *val_2, size_t len_2),
+ (val_1, len_1, val_2, len_2));
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
@@ -78,11 +80,9 @@ const struct public_key *asymmetric_key_public_key(const struct key *key)
return key->payload.data[asym_crypto];
}
-extern struct key *find_asymmetric_key(struct key *keyring,
- const struct asymmetric_key_id *id_0,
- const struct asymmetric_key_id *id_1,
- const struct asymmetric_key_id *id_2,
- bool partial);
+DECLARE_CRYPTO_API(find_asymmetric_key, struct key *,
+ (struct key *keyring, const struct asymmetric_key_id *id_0, const struct asymmetric_key_id *id_1, const struct asymmetric_key_id *id_2, bool partial),
+ (keyring, id_0, id_1, id_2, partial));
int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size,
const struct key *keyring);
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 076/104] crypto: fips140: convert crypto/xts.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_XTS --source crypto/xts.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/xts.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/xts.c b/crypto/xts.c
index 3da8f5e053d6..97e499893292 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -466,8 +466,8 @@ static void __exit xts_module_exit(void)
crypto_unregister_template(&xts_tmpl);
}
-module_init(xts_module_init);
-module_exit(xts_module_exit);
+crypto_module_init(xts_module_init);
+crypto_module_exit(xts_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("XTS block cipher mode");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 075/104] crypto: fips140: convert crypto/testmgr.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_MANAGER2 --source crypto/testmgr.c --header crypto/internal.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 11 +++++++++++
crypto/internal.h | 4 +++-
crypto/testmgr.c | 6 +++---
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 115a0fc99e31..5599cfa963d8 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -609,3 +609,14 @@ DEFINE_CRYPTO_API_STUB(skcipher_alloc_instance_simple);
#endif
+/*
+ * crypto/testmgr.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_MANAGER2)
+
+#include <crypto/internal.h>
+
+DEFINE_CRYPTO_API_STUB(alg_test);
+
+#endif
+
diff --git a/crypto/internal.h b/crypto/internal.h
index 700280457bf6..f4b12863d922 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -66,7 +66,9 @@ extern struct list_head crypto_alg_list;
extern struct rw_semaphore crypto_alg_sem;
extern struct blocking_notifier_head crypto_chain;
-int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(alg_test, int,
+ (struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask),
+ (alg, driver, name, type, mask));
#if !IS_BUILTIN(CONFIG_CRYPTO_ALGAPI) || !IS_ENABLED(CONFIG_CRYPTO_SELFTESTS)
static inline bool crypto_boot_test_finished(void)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 35626ae18c60..54560f3431ca 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -61,7 +61,7 @@ MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
#ifndef CONFIG_CRYPTO_SELFTESTS
/* a perfect nop */
-int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
+int CRYPTO_API(alg_test)(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
{
return 0;
}
@@ -5864,7 +5864,7 @@ static int alg_test_fips_disabled(const struct crypto_alg *alg, const struct alg
return !(desc->fips_allowed & FIPS_NON_CRYPTOGRAPHIC);
}
-int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
+int CRYPTO_API(alg_test)(struct crypto_alg *alg, const char *driver, const char *name, u32 type, u32 mask)
{
int i;
int j;
@@ -5967,4 +5967,4 @@ int alg_test(struct crypto_alg *alg, const char *driver, const char *name, u32 t
#endif /* CONFIG_CRYPTO_SELFTESTS */
-EXPORT_SYMBOL_GPL(alg_test);
+DEFINE_CRYPTO_API(alg_test);
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 074/104] crypto: fips140: convert crypto/tcrypt.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_BENCHMARK --source crypto/tcrypt.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/tcrypt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index b69560f2fdef..233ab3073b79 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -2864,8 +2864,8 @@ static int __init tcrypt_mod_init(void)
*/
static void __exit tcrypt_mod_fini(void) { }
-late_initcall(tcrypt_mod_init);
-module_exit(tcrypt_mod_fini);
+crypto_late_initcall(tcrypt_mod_init);
+crypto_module_exit(tcrypt_mod_fini);
module_param(alg, charp, 0);
module_param(type, uint, 0);
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 073/104] crypto: fips140: convert crypto/skcipher.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SKCIPHER2 --source crypto/skcipher.c --header include/crypto/skcipher.h include/crypto/internal/skcipher.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 31 +++++++++++++
crypto/skcipher.c | 72 +++++++++++++++---------------
include/crypto/internal/skcipher.h | 51 ++++++++++++---------
include/crypto/skcipher.h | 35 ++++++++++-----
4 files changed, 122 insertions(+), 67 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 112212b32d6d..115a0fc99e31 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -578,3 +578,34 @@ DEFINE_CRYPTO_API_STUB(simd_unregister_aeads);
#endif
+/*
+ * crypto/skcipher.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SKCIPHER2)
+
+#include <crypto/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_alloc_sync_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_has_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_encrypt);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_decrypt);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_export);
+DEFINE_CRYPTO_API_STUB(crypto_skcipher_import);
+
+#include <crypto/internal/skcipher.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_grab_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_skcipher);
+DEFINE_CRYPTO_API_STUB(crypto_register_skciphers);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_skciphers);
+DEFINE_CRYPTO_API_STUB(skcipher_register_instance);
+DEFINE_CRYPTO_API_STUB(skcipher_walk_virt);
+DEFINE_CRYPTO_API_STUB(skcipher_walk_aead_encrypt);
+DEFINE_CRYPTO_API_STUB(skcipher_walk_aead_decrypt);
+DEFINE_CRYPTO_API_STUB(skcipher_alloc_instance_simple);
+
+#endif
+
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index de5fc91bba26..0bc53ac3fd0f 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -35,7 +35,7 @@ static inline struct skcipher_alg *__crypto_skcipher_alg(
return container_of(alg, struct skcipher_alg, base);
}
-int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
+int CRYPTO_API(skcipher_walk_virt)(struct skcipher_walk *__restrict walk,
struct skcipher_request *__restrict req, bool atomic)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
@@ -69,7 +69,7 @@ int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
return skcipher_walk_first(walk, atomic);
}
-EXPORT_SYMBOL_GPL(skcipher_walk_virt);
+DEFINE_CRYPTO_API(skcipher_walk_virt);
static int skcipher_walk_aead_common(struct skcipher_walk *__restrict walk,
struct aead_request *__restrict req,
@@ -97,7 +97,7 @@ static int skcipher_walk_aead_common(struct skcipher_walk *__restrict walk,
return skcipher_walk_first(walk, atomic);
}
-int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk,
+int CRYPTO_API(skcipher_walk_aead_encrypt)(struct skcipher_walk *__restrict walk,
struct aead_request *__restrict req,
bool atomic)
{
@@ -105,9 +105,9 @@ int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk,
return skcipher_walk_aead_common(walk, req, atomic);
}
-EXPORT_SYMBOL_GPL(skcipher_walk_aead_encrypt);
+DEFINE_CRYPTO_API(skcipher_walk_aead_encrypt);
-int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk,
+int CRYPTO_API(skcipher_walk_aead_decrypt)(struct skcipher_walk *__restrict walk,
struct aead_request *__restrict req,
bool atomic)
{
@@ -117,7 +117,7 @@ int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk,
return skcipher_walk_aead_common(walk, req, atomic);
}
-EXPORT_SYMBOL_GPL(skcipher_walk_aead_decrypt);
+DEFINE_CRYPTO_API(skcipher_walk_aead_decrypt);
static void skcipher_set_needkey(struct crypto_skcipher *tfm)
{
@@ -146,7 +146,7 @@ static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
return ret;
}
-int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
+int CRYPTO_API(crypto_skcipher_setkey)(struct crypto_skcipher *tfm, const u8 *key,
unsigned int keylen)
{
struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
@@ -181,9 +181,9 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_setkey);
+DEFINE_CRYPTO_API(crypto_skcipher_setkey);
-int crypto_skcipher_encrypt(struct skcipher_request *req)
+int CRYPTO_API(crypto_skcipher_encrypt)(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -194,9 +194,9 @@ int crypto_skcipher_encrypt(struct skcipher_request *req)
return crypto_lskcipher_encrypt_sg(req);
return alg->encrypt(req);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_encrypt);
+DEFINE_CRYPTO_API(crypto_skcipher_encrypt);
-int crypto_skcipher_decrypt(struct skcipher_request *req)
+int CRYPTO_API(crypto_skcipher_decrypt)(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -207,7 +207,7 @@ int crypto_skcipher_decrypt(struct skcipher_request *req)
return crypto_lskcipher_decrypt_sg(req);
return alg->decrypt(req);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_decrypt);
+DEFINE_CRYPTO_API(crypto_skcipher_decrypt);
static int crypto_lskcipher_export(struct skcipher_request *req, void *out)
{
@@ -245,7 +245,7 @@ static int skcipher_noimport(struct skcipher_request *req, const void *in)
return 0;
}
-int crypto_skcipher_export(struct skcipher_request *req, void *out)
+int CRYPTO_API(crypto_skcipher_export)(struct skcipher_request *req, void *out)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -254,9 +254,9 @@ int crypto_skcipher_export(struct skcipher_request *req, void *out)
return crypto_lskcipher_export(req, out);
return alg->export(req, out);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_export);
+DEFINE_CRYPTO_API(crypto_skcipher_export);
-int crypto_skcipher_import(struct skcipher_request *req, const void *in)
+int CRYPTO_API(crypto_skcipher_import)(struct skcipher_request *req, const void *in)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
@@ -265,7 +265,7 @@ int crypto_skcipher_import(struct skcipher_request *req, const void *in)
return crypto_lskcipher_import(req, in);
return alg->import(req, in);
}
-EXPORT_SYMBOL_GPL(crypto_skcipher_import);
+DEFINE_CRYPTO_API(crypto_skcipher_import);
static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
{
@@ -374,23 +374,23 @@ static const struct crypto_type crypto_skcipher_type = {
.algsize = offsetof(struct skcipher_alg, base),
};
-int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
+int CRYPTO_API(crypto_grab_skcipher)(struct crypto_skcipher_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_skcipher_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_skcipher);
+DEFINE_CRYPTO_API(crypto_grab_skcipher);
-struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
+struct crypto_skcipher *CRYPTO_API(crypto_alloc_skcipher)(const char *alg_name,
u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_skcipher);
+DEFINE_CRYPTO_API(crypto_alloc_skcipher);
-struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
+struct crypto_sync_skcipher *CRYPTO_API(crypto_alloc_sync_skcipher)(
const char *alg_name, u32 type, u32 mask)
{
struct crypto_skcipher *tfm;
@@ -413,13 +413,13 @@ struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
return (struct crypto_sync_skcipher *)tfm;
}
-EXPORT_SYMBOL_GPL(crypto_alloc_sync_skcipher);
+DEFINE_CRYPTO_API(crypto_alloc_sync_skcipher);
-int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_skcipher)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_skcipher_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_skcipher);
+DEFINE_CRYPTO_API(crypto_has_skcipher);
int skcipher_prepare_alg_common(struct skcipher_alg_common *alg)
{
@@ -465,7 +465,7 @@ static int skcipher_prepare_alg(struct skcipher_alg *alg)
return 0;
}
-int crypto_register_skcipher(struct skcipher_alg *alg)
+int CRYPTO_API(crypto_register_skcipher)(struct skcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
int err;
@@ -476,15 +476,15 @@ int crypto_register_skcipher(struct skcipher_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_skcipher);
+DEFINE_CRYPTO_API(crypto_register_skcipher);
-void crypto_unregister_skcipher(struct skcipher_alg *alg)
+void CRYPTO_API(crypto_unregister_skcipher)(struct skcipher_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_skcipher);
+DEFINE_CRYPTO_API(crypto_unregister_skcipher);
-int crypto_register_skciphers(struct skcipher_alg *algs, int count)
+int CRYPTO_API(crypto_register_skciphers)(struct skcipher_alg *algs, int count)
{
int i, ret;
@@ -502,18 +502,18 @@ int crypto_register_skciphers(struct skcipher_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_skciphers);
+DEFINE_CRYPTO_API(crypto_register_skciphers);
-void crypto_unregister_skciphers(struct skcipher_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_skciphers)(struct skcipher_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_skcipher(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_skciphers);
+DEFINE_CRYPTO_API(crypto_unregister_skciphers);
-int skcipher_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(skcipher_register_instance)(struct crypto_template *tmpl,
struct skcipher_instance *inst)
{
int err;
@@ -527,7 +527,7 @@ int skcipher_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, skcipher_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(skcipher_register_instance);
+DEFINE_CRYPTO_API(skcipher_register_instance);
static int skcipher_setkey_simple(struct crypto_skcipher *tfm, const u8 *key,
unsigned int keylen)
@@ -584,7 +584,7 @@ static void skcipher_free_instance_simple(struct skcipher_instance *inst)
* Return: a pointer to the new instance, or an ERR_PTR(). The caller still
* needs to register the instance.
*/
-struct skcipher_instance *skcipher_alloc_instance_simple(
+struct skcipher_instance *CRYPTO_API(skcipher_alloc_instance_simple)(
struct crypto_template *tmpl, struct rtattr **tb)
{
u32 mask;
@@ -635,7 +635,7 @@ struct skcipher_instance *skcipher_alloc_instance_simple(
skcipher_free_instance_simple(inst);
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(skcipher_alloc_instance_simple);
+DEFINE_CRYPTO_API(skcipher_alloc_instance_simple);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Symmetric key cipher type");
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h
index 69de98e9819a..d55b9b9d42a1 100644
--- a/include/crypto/internal/skcipher.h
+++ b/include/crypto/internal/skcipher.h
@@ -97,9 +97,9 @@ static inline void skcipher_request_complete(struct skcipher_request *req, int e
crypto_request_complete(&req->base, err);
}
-int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_skcipher, int,
+ (struct crypto_skcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
DECLARE_CRYPTO_API(crypto_grab_lskcipher, int,
(struct crypto_lskcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
@@ -158,12 +158,21 @@ static inline void crypto_skcipher_set_reqsize_dma(
skcipher->reqsize = reqsize;
}
-int crypto_register_skcipher(struct skcipher_alg *alg);
-void crypto_unregister_skcipher(struct skcipher_alg *alg);
-int crypto_register_skciphers(struct skcipher_alg *algs, int count);
-void crypto_unregister_skciphers(struct skcipher_alg *algs, int count);
-int skcipher_register_instance(struct crypto_template *tmpl,
- struct skcipher_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_skcipher, int,
+ (struct skcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_skcipher, void,
+ (struct skcipher_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_skciphers, int,
+ (struct skcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_skciphers, void,
+ (struct skcipher_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(skcipher_register_instance, int,
+ (struct crypto_template *tmpl, struct skcipher_instance *inst),
+ (tmpl, inst));
DECLARE_CRYPTO_API(crypto_register_lskcipher, int,
(struct lskcipher_alg *alg),
@@ -181,15 +190,15 @@ DECLARE_CRYPTO_API(lskcipher_register_instance, int,
(struct crypto_template *tmpl, struct lskcipher_instance *inst),
(tmpl, inst));
-int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
- struct skcipher_request *__restrict req,
- bool atomic);
-int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk,
- struct aead_request *__restrict req,
- bool atomic);
-int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk,
- struct aead_request *__restrict req,
- bool atomic);
+DECLARE_CRYPTO_API(skcipher_walk_virt, int,
+ (struct skcipher_walk *__restrict walk, struct skcipher_request *__restrict req, bool atomic),
+ (walk, req, atomic));
+DECLARE_CRYPTO_API(skcipher_walk_aead_encrypt, int,
+ (struct skcipher_walk *__restrict walk, struct aead_request *__restrict req, bool atomic),
+ (walk, req, atomic));
+DECLARE_CRYPTO_API(skcipher_walk_aead_decrypt, int,
+ (struct skcipher_walk *__restrict walk, struct aead_request *__restrict req, bool atomic),
+ (walk, req, atomic));
static inline void *crypto_skcipher_ctx(struct crypto_skcipher *tfm)
{
@@ -238,8 +247,10 @@ skcipher_cipher_simple(struct crypto_skcipher *tfm)
return ctx->cipher;
}
-struct skcipher_instance *skcipher_alloc_instance_simple(
- struct crypto_template *tmpl, struct rtattr **tb);
+DECLARE_CRYPTO_API(skcipher_alloc_instance_simple, struct skcipher_instance *,
+ (
+ struct crypto_template *tmpl, struct rtattr **tb),
+ (tmpl, tb));
static inline struct crypto_alg *skcipher_ialg_simple(
struct skcipher_instance *inst)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 8ce770bb1f48..ad2e945de9fa 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -277,11 +277,13 @@ static inline struct crypto_skcipher *__crypto_skcipher_cast(
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_skcipher, struct crypto_skcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name,
- u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_sync_skcipher, struct crypto_sync_skcipher *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
/**
@@ -357,7 +359,9 @@ static inline void crypto_free_lskcipher(struct crypto_lskcipher *tfm)
* Return: true when the skcipher is known to the kernel crypto API; false
* otherwise
*/
-int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_skcipher, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline const char *crypto_skcipher_driver_name(
struct crypto_skcipher *tfm)
@@ -613,8 +617,9 @@ static inline void crypto_lskcipher_clear_flags(struct crypto_lskcipher *tfm,
*
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
- const u8 *key, unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_skcipher_setkey, int,
+ (struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm,
const u8 *key, unsigned int keylen)
@@ -700,7 +705,9 @@ static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm(
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_encrypt(struct skcipher_request *req);
+DECLARE_CRYPTO_API(crypto_skcipher_encrypt, int,
+ (struct skcipher_request *req),
+ (req));
/**
* crypto_skcipher_decrypt() - decrypt ciphertext
@@ -713,7 +720,9 @@ int crypto_skcipher_encrypt(struct skcipher_request *req);
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_decrypt(struct skcipher_request *req);
+DECLARE_CRYPTO_API(crypto_skcipher_decrypt, int,
+ (struct skcipher_request *req),
+ (req));
/**
* crypto_skcipher_export() - export partial state
@@ -731,7 +740,9 @@ int crypto_skcipher_decrypt(struct skcipher_request *req);
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_export(struct skcipher_request *req, void *out);
+DECLARE_CRYPTO_API(crypto_skcipher_export, int,
+ (struct skcipher_request *req, void *out),
+ (req, out));
/**
* crypto_skcipher_import() - import partial state
@@ -746,7 +757,9 @@ int crypto_skcipher_export(struct skcipher_request *req, void *out);
*
* Return: 0 if the cipher operation was successful; < 0 if an error occurred
*/
-int crypto_skcipher_import(struct skcipher_request *req, const void *in);
+DECLARE_CRYPTO_API(crypto_skcipher_import, int,
+ (struct skcipher_request *req, const void *in),
+ (req, in));
/**
* crypto_lskcipher_encrypt() - encrypt plaintext
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 072/104] crypto: fips140: convert crypto/simd.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SIMD --source crypto/simd.c --header include/crypto/internal/simd.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 16 ++++++++++++++++
crypto/simd.c | 24 ++++++++++++------------
include/crypto/internal/simd.h | 32 +++++++++++++++++++-------------
3 files changed, 47 insertions(+), 25 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index c4e66d008be2..112212b32d6d 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -562,3 +562,19 @@ DEFINE_CRYPTO_API_STUB(crypto_grab_sig);
#endif
+/*
+ * crypto/simd.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SIMD)
+
+#include <crypto/internal/simd.h>
+
+DEFINE_CRYPTO_API_STUB(simd_skcipher_create_compat);
+DEFINE_CRYPTO_API_STUB(simd_skcipher_free);
+DEFINE_CRYPTO_API_STUB(simd_register_skciphers_compat);
+DEFINE_CRYPTO_API_STUB(simd_unregister_skciphers);
+DEFINE_CRYPTO_API_STUB(simd_register_aeads_compat);
+DEFINE_CRYPTO_API_STUB(simd_unregister_aeads);
+
+#endif
+
diff --git a/crypto/simd.c b/crypto/simd.c
index b07721d1f3f6..32e3eb04462c 100644
--- a/crypto/simd.c
+++ b/crypto/simd.c
@@ -136,7 +136,7 @@ static int simd_skcipher_init(struct crypto_skcipher *tfm)
return 0;
}
-struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
+struct simd_skcipher_alg *CRYPTO_API(simd_skcipher_create_compat)(struct skcipher_alg *ialg,
const char *algname,
const char *drvname,
const char *basename)
@@ -195,16 +195,16 @@ struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
salg = ERR_PTR(err);
goto out;
}
-EXPORT_SYMBOL_GPL(simd_skcipher_create_compat);
+DEFINE_CRYPTO_API(simd_skcipher_create_compat);
-void simd_skcipher_free(struct simd_skcipher_alg *salg)
+void CRYPTO_API(simd_skcipher_free)(struct simd_skcipher_alg *salg)
{
crypto_unregister_skcipher(&salg->alg);
kfree(salg);
}
-EXPORT_SYMBOL_GPL(simd_skcipher_free);
+DEFINE_CRYPTO_API(simd_skcipher_free);
-int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
+int CRYPTO_API(simd_register_skciphers_compat)(struct skcipher_alg *algs, int count,
struct simd_skcipher_alg **simd_algs)
{
int err;
@@ -236,9 +236,9 @@ int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
simd_unregister_skciphers(algs, count, simd_algs);
return err;
}
-EXPORT_SYMBOL_GPL(simd_register_skciphers_compat);
+DEFINE_CRYPTO_API(simd_register_skciphers_compat);
-void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
+void CRYPTO_API(simd_unregister_skciphers)(struct skcipher_alg *algs, int count,
struct simd_skcipher_alg **simd_algs)
{
int i;
@@ -252,7 +252,7 @@ void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
}
}
}
-EXPORT_SYMBOL_GPL(simd_unregister_skciphers);
+DEFINE_CRYPTO_API(simd_unregister_skciphers);
/* AEAD support */
@@ -427,7 +427,7 @@ static void simd_aead_free(struct simd_aead_alg *salg)
kfree(salg);
}
-int simd_register_aeads_compat(struct aead_alg *algs, int count,
+int CRYPTO_API(simd_register_aeads_compat)(struct aead_alg *algs, int count,
struct simd_aead_alg **simd_algs)
{
int err;
@@ -459,9 +459,9 @@ int simd_register_aeads_compat(struct aead_alg *algs, int count,
simd_unregister_aeads(algs, count, simd_algs);
return err;
}
-EXPORT_SYMBOL_GPL(simd_register_aeads_compat);
+DEFINE_CRYPTO_API(simd_register_aeads_compat);
-void simd_unregister_aeads(struct aead_alg *algs, int count,
+void CRYPTO_API(simd_unregister_aeads)(struct aead_alg *algs, int count,
struct simd_aead_alg **simd_algs)
{
int i;
@@ -475,7 +475,7 @@ void simd_unregister_aeads(struct aead_alg *algs, int count,
}
}
}
-EXPORT_SYMBOL_GPL(simd_unregister_aeads);
+DEFINE_CRYPTO_API(simd_unregister_aeads);
MODULE_DESCRIPTION("Shared crypto SIMD helpers");
MODULE_LICENSE("GPL");
diff --git a/include/crypto/internal/simd.h b/include/crypto/internal/simd.h
index 9e338e7aafbd..a1a419f7fd57 100644
--- a/include/crypto/internal/simd.h
+++ b/include/crypto/internal/simd.h
@@ -6,6 +6,7 @@
#ifndef _CRYPTO_INTERNAL_SIMD_H
#define _CRYPTO_INTERNAL_SIMD_H
+#include <crypto/api.h>
#include <asm/simd.h>
#include <linux/percpu.h>
#include <linux/types.h>
@@ -15,28 +16,33 @@
struct simd_skcipher_alg;
struct skcipher_alg;
-struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
- const char *algname,
- const char *drvname,
- const char *basename);
-void simd_skcipher_free(struct simd_skcipher_alg *alg);
+DECLARE_CRYPTO_API(simd_skcipher_create_compat, struct simd_skcipher_alg *,
+ (struct skcipher_alg *ialg, const char *algname, const char *drvname, const char *basename),
+ (ialg, algname, drvname, basename));
+DECLARE_CRYPTO_API(simd_skcipher_free, void,
+ (struct simd_skcipher_alg *alg),
+ (alg));
-int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
- struct simd_skcipher_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_register_skciphers_compat, int,
+ (struct skcipher_alg *algs, int count, struct simd_skcipher_alg **simd_algs),
+ (algs, count, simd_algs));
-void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
- struct simd_skcipher_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_unregister_skciphers, void,
+ (struct skcipher_alg *algs, int count, struct simd_skcipher_alg **simd_algs),
+ (algs, count, simd_algs));
/* AEAD support */
struct simd_aead_alg;
struct aead_alg;
-int simd_register_aeads_compat(struct aead_alg *algs, int count,
- struct simd_aead_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_register_aeads_compat, int,
+ (struct aead_alg *algs, int count, struct simd_aead_alg **simd_algs),
+ (algs, count, simd_algs));
-void simd_unregister_aeads(struct aead_alg *algs, int count,
- struct simd_aead_alg **simd_algs);
+DECLARE_CRYPTO_API(simd_unregister_aeads, void,
+ (struct aead_alg *algs, int count, struct simd_aead_alg **simd_algs),
+ (algs, count, simd_algs));
/*
* crypto_simd_usable() - is it allowed at this time to use SIMD instructions or
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 071/104] crypto: fips140: convert crypto/sig.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SIG2 --source crypto/sig.c --header include/crypto/sig.h include/crypto/internal/sig.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 18 ++++++++++++++++++
crypto/sig.c | 20 ++++++++++----------
include/crypto/internal/sig.h | 20 +++++++++++++-------
include/crypto/sig.h | 5 ++++-
4 files changed, 45 insertions(+), 18 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index eec551e120e2..c4e66d008be2 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -544,3 +544,21 @@ DEFINE_CRYPTO_API_STUB(crypto_shash_import_core);
#endif
+/*
+ * crypto/sig.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SIG2)
+
+#include <crypto/sig.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_sig);
+
+#include <crypto/internal/sig.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_register_sig);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_sig);
+DEFINE_CRYPTO_API_STUB(sig_register_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_sig);
+
+#endif
+
diff --git a/crypto/sig.c b/crypto/sig.c
index beba745b6405..c0217bd437f6 100644
--- a/crypto/sig.c
+++ b/crypto/sig.c
@@ -77,11 +77,11 @@ static const struct crypto_type crypto_sig_type = {
.algsize = offsetof(struct sig_alg, base),
};
-struct crypto_sig *crypto_alloc_sig(const char *alg_name, u32 type, u32 mask)
+struct crypto_sig *CRYPTO_API(crypto_alloc_sig)(const char *alg_name, u32 type, u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_sig_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_sig);
+DEFINE_CRYPTO_API(crypto_alloc_sig);
static int sig_default_sign(struct crypto_sig *tfm,
const void *src, unsigned int slen,
@@ -134,7 +134,7 @@ static int sig_prepare_alg(struct sig_alg *alg)
return 0;
}
-int crypto_register_sig(struct sig_alg *alg)
+int CRYPTO_API(crypto_register_sig)(struct sig_alg *alg)
{
struct crypto_alg *base = &alg->base;
int err;
@@ -145,15 +145,15 @@ int crypto_register_sig(struct sig_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_sig);
+DEFINE_CRYPTO_API(crypto_register_sig);
-void crypto_unregister_sig(struct sig_alg *alg)
+void CRYPTO_API(crypto_unregister_sig)(struct sig_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_sig);
+DEFINE_CRYPTO_API(crypto_unregister_sig);
-int sig_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(sig_register_instance)(struct crypto_template *tmpl,
struct sig_instance *inst)
{
int err;
@@ -167,16 +167,16 @@ int sig_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, sig_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(sig_register_instance);
+DEFINE_CRYPTO_API(sig_register_instance);
-int crypto_grab_sig(struct crypto_sig_spawn *spawn,
+int CRYPTO_API(crypto_grab_sig)(struct crypto_sig_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_sig_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_sig);
+DEFINE_CRYPTO_API(crypto_grab_sig);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Public Key Signature Algorithms");
diff --git a/include/crypto/internal/sig.h b/include/crypto/internal/sig.h
index b16648c1a986..8efee2dfba72 100644
--- a/include/crypto/internal/sig.h
+++ b/include/crypto/internal/sig.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_INTERNAL_SIG_H
#define _CRYPTO_INTERNAL_SIG_H
+#include <crypto/api.h>
#include <crypto/algapi.h>
#include <crypto/sig.h>
@@ -39,7 +40,9 @@ static inline void *crypto_sig_ctx(struct crypto_sig *tfm)
*
* Return: zero on success; error code in case of error
*/
-int crypto_register_sig(struct sig_alg *alg);
+DECLARE_CRYPTO_API(crypto_register_sig, int,
+ (struct sig_alg *alg),
+ (alg));
/**
* crypto_unregister_sig() -- Unregister public key signature algorithm
@@ -48,10 +51,13 @@ int crypto_register_sig(struct sig_alg *alg);
*
* @alg: algorithm definition
*/
-void crypto_unregister_sig(struct sig_alg *alg);
+DECLARE_CRYPTO_API(crypto_unregister_sig, void,
+ (struct sig_alg *alg),
+ (alg));
-int sig_register_instance(struct crypto_template *tmpl,
- struct sig_instance *inst);
+DECLARE_CRYPTO_API(sig_register_instance, int,
+ (struct crypto_template *tmpl, struct sig_instance *inst),
+ (tmpl, inst));
static inline struct sig_instance *sig_instance(struct crypto_instance *inst)
{
@@ -74,9 +80,9 @@ static inline void *sig_instance_ctx(struct sig_instance *inst)
return crypto_instance_ctx(sig_crypto_instance(inst));
}
-int crypto_grab_sig(struct crypto_sig_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_sig, int,
+ (struct crypto_sig_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline struct crypto_sig *crypto_spawn_sig(struct crypto_sig_spawn
*spawn)
diff --git a/include/crypto/sig.h b/include/crypto/sig.h
index fa6dafafab3f..d6da8df9fd28 100644
--- a/include/crypto/sig.h
+++ b/include/crypto/sig.h
@@ -7,6 +7,7 @@
#ifndef _CRYPTO_SIG_H
#define _CRYPTO_SIG_H
+#include <crypto/api.h>
#include <linux/crypto.h>
/**
@@ -91,7 +92,9 @@ struct sig_alg {
* Return: allocated handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_sig *crypto_alloc_sig(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_sig, struct crypto_sig *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_sig_tfm(struct crypto_sig *tfm)
{
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 070/104] crypto: fips140: convert crypto/shash.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_HASH2 --source crypto/shash.c --header include/crypto/hash.h include/crypto/internal/hash.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 33 ++++++++++++++
crypto/shash.c | 80 +++++++++++++++++-----------------
include/crypto/hash.h | 45 ++++++++++++-------
include/crypto/internal/hash.h | 43 ++++++++++++------
4 files changed, 133 insertions(+), 68 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 2567c6d6622f..eec551e120e2 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -511,3 +511,36 @@ DEFINE_CRYPTO_API_STUB(crypto_sha3_init);
#endif
+/*
+ * crypto/shash.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_HASH2)
+
+#include <crypto/hash.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_alloc_shash);
+DEFINE_CRYPTO_API_STUB(crypto_clone_shash);
+DEFINE_CRYPTO_API_STUB(crypto_has_shash);
+DEFINE_CRYPTO_API_STUB(crypto_shash_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_shash_digest);
+DEFINE_CRYPTO_API_STUB(crypto_shash_tfm_digest);
+DEFINE_CRYPTO_API_STUB(crypto_shash_export);
+DEFINE_CRYPTO_API_STUB(crypto_shash_import);
+DEFINE_CRYPTO_API_STUB(crypto_shash_init);
+DEFINE_CRYPTO_API_STUB(crypto_shash_finup);
+
+#include <crypto/internal/hash.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_shash_alg_has_setkey);
+DEFINE_CRYPTO_API_STUB(crypto_register_shash);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_shash);
+DEFINE_CRYPTO_API_STUB(crypto_register_shashes);
+DEFINE_CRYPTO_API_STUB(crypto_unregister_shashes);
+DEFINE_CRYPTO_API_STUB(shash_register_instance);
+DEFINE_CRYPTO_API_STUB(shash_free_singlespawn_instance);
+DEFINE_CRYPTO_API_STUB(crypto_grab_shash);
+DEFINE_CRYPTO_API_STUB(crypto_shash_export_core);
+DEFINE_CRYPTO_API_STUB(crypto_shash_import_core);
+
+#endif
+
diff --git a/crypto/shash.c b/crypto/shash.c
index d45d7ec83a8c..9f154cebbb95 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -47,11 +47,11 @@ static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
* when CFI is enabled, modules won't get the same address for shash_no_setkey
* (if it were exported, which inlining would require) as the core kernel will.
*/
-bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
+bool CRYPTO_API(crypto_shash_alg_has_setkey)(struct shash_alg *alg)
{
return alg->setkey != shash_no_setkey;
}
-EXPORT_SYMBOL_GPL(crypto_shash_alg_has_setkey);
+DEFINE_CRYPTO_API(crypto_shash_alg_has_setkey);
static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
{
@@ -59,7 +59,7 @@ static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
}
-int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
+int CRYPTO_API(crypto_shash_setkey)(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen)
{
struct shash_alg *shash = crypto_shash_alg(tfm);
@@ -74,7 +74,7 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_shash_setkey);
+DEFINE_CRYPTO_API(crypto_shash_setkey);
static int __crypto_shash_init(struct shash_desc *desc)
{
@@ -90,13 +90,13 @@ static int __crypto_shash_init(struct shash_desc *desc)
return crypto_shash_alg(tfm)->init(desc);
}
-int crypto_shash_init(struct shash_desc *desc)
+int CRYPTO_API(crypto_shash_init)(struct shash_desc *desc)
{
if (crypto_shash_get_flags(desc->tfm) & CRYPTO_TFM_NEED_KEY)
return -ENOKEY;
return __crypto_shash_init(desc);
}
-EXPORT_SYMBOL_GPL(crypto_shash_init);
+DEFINE_CRYPTO_API(crypto_shash_init);
static int shash_default_finup(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *out)
@@ -119,7 +119,7 @@ static int crypto_shash_op_and_zero(
return err;
}
-int crypto_shash_finup(struct shash_desc *restrict desc, const u8 *data,
+int CRYPTO_API(crypto_shash_finup)(struct shash_desc *restrict desc, const u8 *data,
unsigned int len, u8 *restrict out)
{
struct crypto_shash *tfm = desc->tfm;
@@ -183,7 +183,7 @@ int crypto_shash_finup(struct shash_desc *restrict desc, const u8 *data,
return crypto_shash_op_and_zero(crypto_shash_alg(tfm)->finup, desc,
data, len, out);
}
-EXPORT_SYMBOL_GPL(crypto_shash_finup);
+DEFINE_CRYPTO_API(crypto_shash_finup);
static int shash_default_digest(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *out)
@@ -192,7 +192,7 @@ static int shash_default_digest(struct shash_desc *desc, const u8 *data,
crypto_shash_finup(desc, data, len, out);
}
-int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
+int CRYPTO_API(crypto_shash_digest)(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *out)
{
struct crypto_shash *tfm = desc->tfm;
@@ -203,9 +203,9 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
return crypto_shash_op_and_zero(crypto_shash_alg(tfm)->digest, desc,
data, len, out);
}
-EXPORT_SYMBOL_GPL(crypto_shash_digest);
+DEFINE_CRYPTO_API(crypto_shash_digest);
-int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
+int CRYPTO_API(crypto_shash_tfm_digest)(struct crypto_shash *tfm, const u8 *data,
unsigned int len, u8 *out)
{
SHASH_DESC_ON_STACK(desc, tfm);
@@ -213,7 +213,7 @@ int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
desc->tfm = tfm;
return crypto_shash_digest(desc, data, len, out);
}
-EXPORT_SYMBOL_GPL(crypto_shash_tfm_digest);
+DEFINE_CRYPTO_API(crypto_shash_tfm_digest);
static int __crypto_shash_export(struct shash_desc *desc, void *out,
int (*export)(struct shash_desc *desc,
@@ -235,14 +235,14 @@ static int __crypto_shash_export(struct shash_desc *desc, void *out,
return export(desc, out);
}
-int crypto_shash_export_core(struct shash_desc *desc, void *out)
+int CRYPTO_API(crypto_shash_export_core)(struct shash_desc *desc, void *out)
{
return __crypto_shash_export(desc, out,
crypto_shash_alg(desc->tfm)->export_core);
}
-EXPORT_SYMBOL_GPL(crypto_shash_export_core);
+DEFINE_CRYPTO_API(crypto_shash_export_core);
-int crypto_shash_export(struct shash_desc *desc, void *out)
+int CRYPTO_API(crypto_shash_export)(struct shash_desc *desc, void *out)
{
struct crypto_shash *tfm = desc->tfm;
@@ -256,7 +256,7 @@ int crypto_shash_export(struct shash_desc *desc, void *out)
}
return __crypto_shash_export(desc, out, crypto_shash_alg(tfm)->export);
}
-EXPORT_SYMBOL_GPL(crypto_shash_export);
+DEFINE_CRYPTO_API(crypto_shash_export);
static int __crypto_shash_import(struct shash_desc *desc, const void *in,
int (*import)(struct shash_desc *desc,
@@ -284,14 +284,14 @@ static int __crypto_shash_import(struct shash_desc *desc, const void *in,
return import(desc, in);
}
-int crypto_shash_import_core(struct shash_desc *desc, const void *in)
+int CRYPTO_API(crypto_shash_import_core)(struct shash_desc *desc, const void *in)
{
return __crypto_shash_import(desc, in,
crypto_shash_alg(desc->tfm)->import_core);
}
-EXPORT_SYMBOL_GPL(crypto_shash_import_core);
+DEFINE_CRYPTO_API(crypto_shash_import_core);
-int crypto_shash_import(struct shash_desc *desc, const void *in)
+int CRYPTO_API(crypto_shash_import)(struct shash_desc *desc, const void *in)
{
struct crypto_shash *tfm = desc->tfm;
int err;
@@ -309,7 +309,7 @@ int crypto_shash_import(struct shash_desc *desc, const void *in)
}
return err;
}
-EXPORT_SYMBOL_GPL(crypto_shash_import);
+DEFINE_CRYPTO_API(crypto_shash_import);
static void crypto_shash_exit_tfm(struct crypto_tfm *tfm)
{
@@ -386,29 +386,29 @@ const struct crypto_type crypto_shash_type = {
.algsize = offsetof(struct shash_alg, base),
};
-int crypto_grab_shash(struct crypto_shash_spawn *spawn,
+int CRYPTO_API(crypto_grab_shash)(struct crypto_shash_spawn *spawn,
struct crypto_instance *inst,
const char *name, u32 type, u32 mask)
{
spawn->base.frontend = &crypto_shash_type;
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_grab_shash);
+DEFINE_CRYPTO_API(crypto_grab_shash);
-struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
+struct crypto_shash *CRYPTO_API(crypto_alloc_shash)(const char *alg_name, u32 type,
u32 mask)
{
return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_shash);
+DEFINE_CRYPTO_API(crypto_alloc_shash);
-int crypto_has_shash(const char *alg_name, u32 type, u32 mask)
+int CRYPTO_API(crypto_has_shash)(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_shash_type, type, mask);
}
-EXPORT_SYMBOL_GPL(crypto_has_shash);
+DEFINE_CRYPTO_API(crypto_has_shash);
-struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
+struct crypto_shash *CRYPTO_API(crypto_clone_shash)(struct crypto_shash *hash)
{
struct crypto_tfm *tfm = crypto_shash_tfm(hash);
struct shash_alg *alg = crypto_shash_alg(hash);
@@ -443,7 +443,7 @@ struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
return nhash;
}
-EXPORT_SYMBOL_GPL(crypto_clone_shash);
+DEFINE_CRYPTO_API(crypto_clone_shash);
int hash_prepare_alg(struct hash_alg_common *alg)
{
@@ -529,7 +529,7 @@ static int shash_prepare_alg(struct shash_alg *alg)
return 0;
}
-int crypto_register_shash(struct shash_alg *alg)
+int CRYPTO_API(crypto_register_shash)(struct shash_alg *alg)
{
struct crypto_alg *base = &alg->base;
int err;
@@ -540,15 +540,15 @@ int crypto_register_shash(struct shash_alg *alg)
return crypto_register_alg(base);
}
-EXPORT_SYMBOL_GPL(crypto_register_shash);
+DEFINE_CRYPTO_API(crypto_register_shash);
-void crypto_unregister_shash(struct shash_alg *alg)
+void CRYPTO_API(crypto_unregister_shash)(struct shash_alg *alg)
{
crypto_unregister_alg(&alg->base);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_shash);
+DEFINE_CRYPTO_API(crypto_unregister_shash);
-int crypto_register_shashes(struct shash_alg *algs, int count)
+int CRYPTO_API(crypto_register_shashes)(struct shash_alg *algs, int count)
{
int i, ret;
@@ -566,18 +566,18 @@ int crypto_register_shashes(struct shash_alg *algs, int count)
return ret;
}
-EXPORT_SYMBOL_GPL(crypto_register_shashes);
+DEFINE_CRYPTO_API(crypto_register_shashes);
-void crypto_unregister_shashes(struct shash_alg *algs, int count)
+void CRYPTO_API(crypto_unregister_shashes)(struct shash_alg *algs, int count)
{
int i;
for (i = count - 1; i >= 0; --i)
crypto_unregister_shash(&algs[i]);
}
-EXPORT_SYMBOL_GPL(crypto_unregister_shashes);
+DEFINE_CRYPTO_API(crypto_unregister_shashes);
-int shash_register_instance(struct crypto_template *tmpl,
+int CRYPTO_API(shash_register_instance)(struct crypto_template *tmpl,
struct shash_instance *inst)
{
int err;
@@ -591,14 +591,14 @@ int shash_register_instance(struct crypto_template *tmpl,
return crypto_register_instance(tmpl, shash_crypto_instance(inst));
}
-EXPORT_SYMBOL_GPL(shash_register_instance);
+DEFINE_CRYPTO_API(shash_register_instance);
-void shash_free_singlespawn_instance(struct shash_instance *inst)
+void CRYPTO_API(shash_free_singlespawn_instance)(struct shash_instance *inst)
{
crypto_drop_spawn(shash_instance_ctx(inst));
kfree(inst);
}
-EXPORT_SYMBOL_GPL(shash_free_singlespawn_instance);
+DEFINE_CRYPTO_API(shash_free_singlespawn_instance);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Synchronous cryptographic hash type");
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index c9d6ee97360e..3476f6209a22 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -765,12 +765,17 @@ static inline void ahash_request_set_virt(struct ahash_request *req,
* Return: allocated cipher handle in case of success; IS_ERR() is true in case
* of an error, PTR_ERR() returns the error code.
*/
-struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
- u32 mask);
+DECLARE_CRYPTO_API(crypto_alloc_shash, struct crypto_shash *,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
-struct crypto_shash *crypto_clone_shash(struct crypto_shash *tfm);
+DECLARE_CRYPTO_API(crypto_clone_shash, struct crypto_shash *,
+ (struct crypto_shash *tfm),
+ (tfm));
-int crypto_has_shash(const char *alg_name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_has_shash, int,
+ (const char *alg_name, u32 type, u32 mask),
+ (alg_name, type, mask));
static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
{
@@ -894,8 +899,9 @@ static inline void *shash_desc_ctx(struct shash_desc *desc)
* Context: Softirq or process context.
* Return: 0 if the setting of the key was successful; < 0 if an error occurred
*/
-int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
- unsigned int keylen);
+DECLARE_CRYPTO_API(crypto_shash_setkey, int,
+ (struct crypto_shash *tfm, const u8 *key, unsigned int keylen),
+ (tfm, key, keylen));
/**
* crypto_shash_digest() - calculate message digest for buffer
@@ -912,8 +918,9 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
* Return: 0 if the message digest creation was successful; < 0 if an error
* occurred
*/
-int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
- unsigned int len, u8 *out);
+DECLARE_CRYPTO_API(crypto_shash_digest, int,
+ (struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out),
+ (desc, data, len, out));
/**
* crypto_shash_tfm_digest() - calculate message digest for buffer
@@ -931,8 +938,9 @@ int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
* Context: Softirq or process context.
* Return: 0 on success; < 0 if an error occurred.
*/
-int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
- unsigned int len, u8 *out);
+DECLARE_CRYPTO_API(crypto_shash_tfm_digest, int,
+ (struct crypto_shash *tfm, const u8 *data, unsigned int len, u8 *out),
+ (tfm, data, len, out));
DECLARE_CRYPTO_API(crypto_hash_digest, int,
(struct crypto_ahash *tfm, const u8 *data, unsigned int len, u8 *out),
@@ -950,7 +958,9 @@ DECLARE_CRYPTO_API(crypto_hash_digest, int,
* Context: Softirq or process context.
* Return: 0 if the export creation was successful; < 0 if an error occurred
*/
-int crypto_shash_export(struct shash_desc *desc, void *out);
+DECLARE_CRYPTO_API(crypto_shash_export, int,
+ (struct shash_desc *desc, void *out),
+ (desc, out));
/**
* crypto_shash_import() - import operational state
@@ -964,7 +974,9 @@ int crypto_shash_export(struct shash_desc *desc, void *out);
* Context: Softirq or process context.
* Return: 0 if the import was successful; < 0 if an error occurred
*/
-int crypto_shash_import(struct shash_desc *desc, const void *in);
+DECLARE_CRYPTO_API(crypto_shash_import, int,
+ (struct shash_desc *desc, const void *in),
+ (desc, in));
/**
* crypto_shash_init() - (re)initialize message digest
@@ -978,7 +990,9 @@ int crypto_shash_import(struct shash_desc *desc, const void *in);
* Return: 0 if the message digest initialization was successful; < 0 if an
* error occurred
*/
-int crypto_shash_init(struct shash_desc *desc);
+DECLARE_CRYPTO_API(crypto_shash_init, int,
+ (struct shash_desc *desc),
+ (desc));
/**
* crypto_shash_finup() - calculate message digest of buffer
@@ -995,8 +1009,9 @@ int crypto_shash_init(struct shash_desc *desc);
* Return: 0 if the message digest creation was successful; < 0 if an error
* occurred
*/
-int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
- unsigned int len, u8 *out);
+DECLARE_CRYPTO_API(crypto_shash_finup, int,
+ (struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out),
+ (desc, data, len, out));
/**
* crypto_shash_update() - add data to message digest for processing
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index c3f9ca511cf5..29b51abc1bad 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -107,7 +107,9 @@ DECLARE_CRYPTO_API(ahash_free_singlespawn_instance, void,
(struct ahash_instance *inst),
(inst));
-bool crypto_shash_alg_has_setkey(struct shash_alg *alg);
+DECLARE_CRYPTO_API(crypto_shash_alg_has_setkey, bool,
+ (struct shash_alg *alg),
+ (alg));
DECLARE_CRYPTO_API(crypto_hash_alg_has_setkey, bool,
(struct hash_alg_common *halg),
@@ -146,17 +148,28 @@ static inline struct hash_alg_common *crypto_spawn_ahash_alg(
return __crypto_hash_alg_common(spawn->base.alg);
}
-int crypto_register_shash(struct shash_alg *alg);
-void crypto_unregister_shash(struct shash_alg *alg);
-int crypto_register_shashes(struct shash_alg *algs, int count);
-void crypto_unregister_shashes(struct shash_alg *algs, int count);
-int shash_register_instance(struct crypto_template *tmpl,
- struct shash_instance *inst);
-void shash_free_singlespawn_instance(struct shash_instance *inst);
+DECLARE_CRYPTO_API(crypto_register_shash, int,
+ (struct shash_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_unregister_shash, void,
+ (struct shash_alg *alg),
+ (alg));
+DECLARE_CRYPTO_API(crypto_register_shashes, int,
+ (struct shash_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(crypto_unregister_shashes, void,
+ (struct shash_alg *algs, int count),
+ (algs, count));
+DECLARE_CRYPTO_API(shash_register_instance, int,
+ (struct crypto_template *tmpl, struct shash_instance *inst),
+ (tmpl, inst));
+DECLARE_CRYPTO_API(shash_free_singlespawn_instance, void,
+ (struct shash_instance *inst),
+ (inst));
-int crypto_grab_shash(struct crypto_shash_spawn *spawn,
- struct crypto_instance *inst,
- const char *name, u32 type, u32 mask);
+DECLARE_CRYPTO_API(crypto_grab_shash, int,
+ (struct crypto_shash_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask),
+ (spawn, inst, name, type, mask));
static inline void crypto_drop_shash(struct crypto_shash_spawn *spawn)
{
@@ -408,7 +421,9 @@ DECLARE_CRYPTO_API(crypto_ahash_import_core, int,
* Context: Softirq or process context.
* Return: 0 if the export creation was successful; < 0 if an error occurred
*/
-int crypto_shash_export_core(struct shash_desc *desc, void *out);
+DECLARE_CRYPTO_API(crypto_shash_export_core, int,
+ (struct shash_desc *desc, void *out),
+ (desc, out));
/**
* crypto_shash_import_core() - import core state
@@ -420,7 +435,9 @@ int crypto_shash_export_core(struct shash_desc *desc, void *out);
* Context: Softirq or process context.
* Return: 0 if the import was successful; < 0 if an error occurred
*/
-int crypto_shash_import_core(struct shash_desc *desc, const void *in);
+DECLARE_CRYPTO_API(crypto_shash_import_core, int,
+ (struct shash_desc *desc, const void *in),
+ (desc, in));
#endif /* _CRYPTO_INTERNAL_HASH_H */
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 069/104] crypto: fips140: convert crypto/sha512.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA512 --source crypto/sha512.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/sha512.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/sha512.c b/crypto/sha512.c
index fb1c520978ef..ee4639b0e74e 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -333,13 +333,13 @@ static int __init crypto_sha512_mod_init(void)
{
return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(crypto_sha512_mod_init);
+crypto_module_init(crypto_sha512_mod_init);
static void __exit crypto_sha512_mod_exit(void)
{
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_exit(crypto_sha512_mod_exit);
+crypto_module_exit(crypto_sha512_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Crypto API support for SHA-384, SHA-512, HMAC-SHA384, and HMAC-SHA512");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 068/104] crypto: fips140: convert crypto/sha3_generic.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA3 --source crypto/sha3_generic.c --header include/crypto/sha3.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 11 +++++++++++
crypto/sha3_generic.c | 8 ++++----
include/crypto/sha3.h | 5 ++++-
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 47977f5b8554..2567c6d6622f 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -500,3 +500,14 @@ DEFINE_CRYPTO_API_STUB(rsa_parse_priv_key);
#endif
+/*
+ * crypto/sha3_generic.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_SHA3)
+
+#include <crypto/sha3.h>
+
+DEFINE_CRYPTO_API_STUB(crypto_sha3_init);
+
+#endif
+
diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
index 41d1e506e6de..b04bd86d6d2f 100644
--- a/crypto/sha3_generic.c
+++ b/crypto/sha3_generic.c
@@ -158,14 +158,14 @@ static void keccakf(u64 st[25])
}
}
-int crypto_sha3_init(struct shash_desc *desc)
+int CRYPTO_API(crypto_sha3_init)(struct shash_desc *desc)
{
struct sha3_state *sctx = shash_desc_ctx(desc);
memset(sctx->st, 0, sizeof(sctx->st));
return 0;
}
-EXPORT_SYMBOL(crypto_sha3_init);
+DEFINE_CRYPTO_API(crypto_sha3_init);
static int crypto_sha3_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
@@ -274,8 +274,8 @@ static void __exit sha3_generic_mod_fini(void)
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(sha3_generic_mod_init);
-module_exit(sha3_generic_mod_fini);
+crypto_module_init(sha3_generic_mod_init);
+crypto_module_exit(sha3_generic_mod_fini);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");
diff --git a/include/crypto/sha3.h b/include/crypto/sha3.h
index 41e1b83a6d91..7ae0affff089 100644
--- a/include/crypto/sha3.h
+++ b/include/crypto/sha3.h
@@ -5,6 +5,7 @@
#ifndef __CRYPTO_SHA3_H__
#define __CRYPTO_SHA3_H__
+#include <crypto/api.h>
#include <linux/types.h>
#define SHA3_224_DIGEST_SIZE (224 / 8)
@@ -31,6 +32,8 @@ struct sha3_state {
u64 st[SHA3_STATE_SIZE / 8];
};
-int crypto_sha3_init(struct shash_desc *desc);
+DECLARE_CRYPTO_API(crypto_sha3_init, int,
+ (struct shash_desc *desc),
+ (desc));
#endif
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 067/104] crypto: fips140: convert crypto/sha256.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA256 --source crypto/sha256.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/sha256.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/sha256.c b/crypto/sha256.c
index 052806559f06..808448aa01c7 100644
--- a/crypto/sha256.c
+++ b/crypto/sha256.c
@@ -327,13 +327,13 @@ static int __init crypto_sha256_mod_init(void)
{
return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(crypto_sha256_mod_init);
+crypto_module_init(crypto_sha256_mod_init);
static void __exit crypto_sha256_mod_exit(void)
{
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_exit(crypto_sha256_mod_exit);
+crypto_module_exit(crypto_sha256_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 066/104] crypto: fips140: convert crypto/sha1.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SHA1 --source crypto/sha1.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/sha1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/sha1.c b/crypto/sha1.c
index ecef4bf2d9c0..17f635542943 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -184,13 +184,13 @@ static int __init crypto_sha1_mod_init(void)
{
return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(crypto_sha1_mod_init);
+crypto_module_init(crypto_sha1_mod_init);
static void __exit crypto_sha1_mod_exit(void)
{
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_exit(crypto_sha1_mod_exit);
+crypto_module_exit(crypto_sha1_mod_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Crypto API support for SHA-1 and HMAC-SHA1");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 065/104] crypto: fips140: convert crypto/seqiv.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_SEQIV --source crypto/seqiv.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/seqiv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index 2bae99e33526..169f4f9e9df1 100644
--- a/crypto/seqiv.c
+++ b/crypto/seqiv.c
@@ -168,8 +168,8 @@ static void __exit seqiv_module_exit(void)
crypto_unregister_template(&seqiv_tmpl);
}
-module_init(seqiv_module_init);
-module_exit(seqiv_module_exit);
+crypto_module_init(seqiv_module_init);
+crypto_module_exit(seqiv_module_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Sequence Number IV Generator");
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 064/104] crypto: fips140: convert crypto/rsa_helper.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_RSA --source crypto/rsa_helper.c --header include/crypto/internal/rsa.h
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/fips140-api.c | 12 ++++++++++++
crypto/rsa_helper.c | 8 ++++----
include/crypto/internal/rsa.h | 12 ++++++++----
3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index 8810af32dd43..47977f5b8554 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -488,3 +488,15 @@ DEFINE_CRYPTO_API_STUB(crypto_del_default_rng);
#endif
+/*
+ * crypto/rsa_helper.c
+ */
+#if !IS_BUILTIN(CONFIG_CRYPTO_RSA)
+
+#include <crypto/internal/rsa.h>
+
+DEFINE_CRYPTO_API_STUB(rsa_parse_pub_key);
+DEFINE_CRYPTO_API_STUB(rsa_parse_priv_key);
+
+#endif
+
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 94266f29049c..ba1278fcf393 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -159,12 +159,12 @@ int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
*
* Return: 0 on success or error code in case of error
*/
-int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
+int CRYPTO_API(rsa_parse_pub_key)(struct rsa_key *rsa_key, const void *key,
unsigned int key_len)
{
return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
}
-EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
+DEFINE_CRYPTO_API(rsa_parse_pub_key);
/**
* rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
@@ -178,9 +178,9 @@ EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
*
* Return: 0 on success or error code in case of error
*/
-int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
+int CRYPTO_API(rsa_parse_priv_key)(struct rsa_key *rsa_key, const void *key,
unsigned int key_len)
{
return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
}
-EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
+DEFINE_CRYPTO_API(rsa_parse_priv_key);
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index 071a1951b992..1265aa81f6fe 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -7,6 +7,8 @@
*/
#ifndef _RSA_HELPER_
#define _RSA_HELPER_
+
+#include <crypto/api.h>
#include <linux/types.h>
#include <crypto/akcipher.h>
@@ -48,11 +50,13 @@ struct rsa_key {
size_t qinv_sz;
};
-int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
- unsigned int key_len);
+DECLARE_CRYPTO_API(rsa_parse_pub_key, int,
+ (struct rsa_key *rsa_key, const void *key, unsigned int key_len),
+ (rsa_key, key, key_len));
-int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
- unsigned int key_len);
+DECLARE_CRYPTO_API(rsa_parse_priv_key, int,
+ (struct rsa_key *rsa_key, const void *key, unsigned int key_len),
+ (rsa_key, key, key_len));
#define RSA_PUB (true)
#define RSA_PRIV (false)
--
2.39.3
^ permalink raw reply related
* [PATCH RFC 063/104] crypto: fips140: convert crypto/rsa.c to using crypto API wrappers
From: Vegard Nossum @ 2025-09-04 15:51 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, linux-crypto, Luis Chamberlain,
Petr Pavlu, Daniel Gomez
Cc: Ard Biesheuvel, Eric Biggers, Jason A . Donenfeld,
Greg Kroah-Hartman, Wang, Jay, Nicolai Stange, Vladis Dronov,
Stephan Mueller, Sami Tolvanen, linux-modules, Vegard Nossum
In-Reply-To: <20250904155216.460962-1-vegard.nossum@oracle.com>
Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_CRYPTO_RSA --source crypto/rsa.c
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
crypto/rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 6c7734083c98..44eef74ebad8 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -430,8 +430,8 @@ static void __exit rsa_exit(void)
crypto_unregister_akcipher(&rsa);
}
-module_init(rsa_init);
-module_exit(rsa_exit);
+crypto_module_init(rsa_init);
+crypto_module_exit(rsa_exit);
MODULE_ALIAS_CRYPTO("rsa");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("RSA generic algorithm");
--
2.39.3
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox