[PATCH RFC 083/104] crypto: fips140: convert crypto/asymmetric_keys/public_key.c to using crypto API wrappers

Thu, 04 Sep 2025 09:50:49 -0700 

Use CRYPTO_API() etc. from include/crypto/api.h in preparation for
compilation as part of support for FIPS 140 standalone modules.

Generated using:

  ./fipsify.py --config CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE --source 
crypto/asymmetric_keys/public_key.c --header include/crypto/public_key.h

Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
 crypto/asymmetric_keys/public_key.c |  8 ++++----
 crypto/fips140-api.c                | 12 ++++++++++++
 include/crypto/public_key.h         | 10 +++++++---
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c 
b/crypto/asymmetric_keys/public_key.c
index e5b177c8e842..a35689994302 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -39,7 +39,7 @@ static void public_key_describe(const struct key 
*asymmetric_key,
 /*
  * Destroy a public key algorithm key.
  */
-void public_key_free(struct public_key *key)
+void CRYPTO_API(public_key_free)(struct public_key *key)
 {
        if (key) {
                kfree_sensitive(key->key);
@@ -47,7 +47,7 @@ void public_key_free(struct public_key *key)
                kfree(key);
        }
 }
-EXPORT_SYMBOL_GPL(public_key_free);
+DEFINE_CRYPTO_API(public_key_free);
 
 /*
  * Destroy a public key algorithm key.
@@ -365,7 +365,7 @@ static int software_key_eds_op(struct kernel_pkey_params 
*params,
 /*
  * Verify a signature using a public key.
  */
-int public_key_verify_signature(const struct public_key *pkey,
+int CRYPTO_API(public_key_verify_signature)(const struct public_key *pkey,
                                const struct public_key_signature *sig)
 {
        char alg_name[CRYPTO_MAX_ALG_NAME];
@@ -437,7 +437,7 @@ int public_key_verify_signature(const struct public_key 
*pkey,
                ret = -EINVAL;
        return ret;
 }
-EXPORT_SYMBOL_GPL(public_key_verify_signature);
+DEFINE_CRYPTO_API(public_key_verify_signature);
 
 static int public_key_verify_signature_2(const struct key *key,
                                         const struct public_key_signature *sig)
diff --git a/crypto/fips140-api.c b/crypto/fips140-api.c
index fb3dc947022a..49e89f4bdddb 100644
--- a/crypto/fips140-api.c
+++ b/crypto/fips140-api.c
@@ -675,3 +675,15 @@ DEFINE_CRYPTO_API_STUB(pkcs7_supply_detached_data);
 
 #endif
 
+/*
+ * crypto/asymmetric_keys/public_key.c
+ */
+#if !IS_BUILTIN(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
+
+#include <crypto/public_key.h>
+
+DEFINE_CRYPTO_API_STUB(public_key_free);
+DEFINE_CRYPTO_API_STUB(public_key_verify_signature);
+
+#endif
+
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 81098e00c08f..46e6e14b8559 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -10,6 +10,7 @@
 #ifndef _LINUX_PUBLIC_KEY_H
 #define _LINUX_PUBLIC_KEY_H
 
+#include <crypto/api.h>
 #include <linux/errno.h>
 #include <linux/keyctl.h>
 #include <linux/oid_registry.h>
@@ -35,7 +36,9 @@ struct public_key {
 #define KEY_EFLAG_KEYCERTSIGN  2       /* set if the keyCertSign usage is set 
*/
 };
 
-extern void public_key_free(struct public_key *key);
+DECLARE_CRYPTO_API(public_key_free, void,
+       (struct public_key *key),
+       (key));
 
 /*
  * Public key cryptography signature data
@@ -108,8 +111,9 @@ extern int verify_signature(const struct key *,
                            const struct public_key_signature *);
 
 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
-int public_key_verify_signature(const struct public_key *pkey,
-                               const struct public_key_signature *sig);
+DECLARE_CRYPTO_API(public_key_verify_signature, int,
+       (const struct public_key *pkey, const struct public_key_signature *sig),
+       (pkey, sig));
 #else
 static inline
 int public_key_verify_signature(const struct public_key *pkey,
-- 
2.39.3

Reply via email to