Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.
Generated using:
./fipsify.py --config CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE --source crypto/asymmetric_keys/public_key.c --header include/crypto/public_key.h
Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
---
crypto/asymmetric_keys/public_key.c | 8 ++++----
crypto/fips140-api.c | 12 ++++++++++++
include/crypto/public_key.h | 10 +++++++---
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index e5b177c8e842..a35689994302 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -39,7 +39,7 @@ static void public_key_describe(const struct key *asymmetric_key,
/*
* Destroy a public key algorithm key.
*/
-void public_key_free(struct public_key *key)
+void CRYPTO_API(public_key_free)(struct public_key *key)
{
if (key) {
kfree_sensitive(key->key);
@@ -47,7 +47,7 @@ void public_key_free(struct public_key *key)
kfree(key);
}
}
-EXPORT_SYMBOL_GPL(public_key_free);
+DEFINE_CRYPTO_API(public_key_free);
/*
* Destroy a public key algorithm key.
@@ -365,7 +365,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params,
/*
* Verify a signature using a public key.
*/
-int public_key_verify_signature(const struct public_key *pkey,
+int CRYPTO_API(public_key_verify_signature)(const struct public_key *pkey,
const struct public_key_signature *sig)
{
char alg_name[CRYPTO_MAX_ALG_NAME];
@@ -437,7 +437,7 @@ int public_key_verify_signature(const struct public_key *pkey,
ret = -EINVAL;
return ret;
}
-EXPORT_SYMBOL_GPL(public_key_verify_signature);
+DEFINE_CRYPTO_API(public_key_verify_signature);
static int public_key_verify_signature_2(const struct key *key,
const struct public_key_signature *sig)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index fb3dc947022a..49e89f4bdddb 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -675,3 +675,15 @@ DEFINE_CRYPTO_API_STUB(pkcs7_supply_detached_data);
#endif
+/*
+ * crypto/asymmetric_keys/public_key.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(public_key_free);
+DEFINE_CRYPTO_API_STUB(public_key_verify_signature);
+
+#endif
+
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 81098e00c08f..46e6e14b8559 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -10,6 +10,7 @@
#ifndef _LINUX_PUBLIC_KEY_H
#define _LINUX_PUBLIC_KEY_H
+#include <crypto/api.h>
#include <linux/errno.h>
#include <linux/keyctl.h>
#include <linux/oid_registry.h>
@@ -35,7 +36,9 @@ struct public_key {
#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
};
-extern void public_key_free(struct public_key *key);
+DECLARE_CRYPTO_API(public_key_free, void,
+ (struct public_key *key),
+ (key));
/*
* Public key cryptography signature data
@@ -108,8 +111,9 @@ extern int verify_signature(const struct key *,
const struct public_key_signature *);
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
-int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig);
+DECLARE_CRYPTO_API(public_key_verify_signature, int,
+ (const struct public_key *pkey, const struct public_key_signature *sig),
+ (pkey, sig));
#else
static inline
int public_key_verify_signature(const struct public_key *pkey,
--
2.39.3
