Apply Crypto API wrappers to the exported crypto symbol in CONFIG_PKCS7_MESSAGE_PARSER-related crypto to convert them into pluggable interface.
This patch is partially based on work by Vegard Nossum, with modifications. Unlike the original, we do not include DEFINE_CRYPTO_API since only one copy of the crypto symbols is kept, either in the crypto module or in the main kernel, and we ensure such wrapper do not have impact on crypto already chosen built as module. Co-developed-by: Vegard Nossum <[email protected]> Signed-off-by: Jay Wang <[email protected]> --- crypto/asymmetric_keys/Makefile | 2 +- crypto/fips140/fips140-api.c | 33 +++++++++++++++++++++++++++++++++ include/crypto/pkcs7.h | 31 +++++++++++++++++++------------ 3 files changed, 53 insertions(+), 13 deletions(-) diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index b42c48d973d3..c68fdcd2c5cf 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -50,7 +50,7 @@ clean-files += pkcs8.asn1.c pkcs8.asn1.h # # PKCS#7 message handling # -obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o +crypto-objs-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o pkcs7_message-y := \ pkcs7.asn1.o \ pkcs7_parser.o \ diff --git a/crypto/fips140/fips140-api.c b/crypto/fips140/fips140-api.c index d08a001bb0db..e679932ab552 100644 --- a/crypto/fips140/fips140-api.c +++ b/crypto/fips140/fips140-api.c @@ -493,3 +493,36 @@ DEFINE_CRYPTO_API_STUB(x509_decode_time); DEFINE_CRYPTO_API_STUB(x509_load_certificate_list); #endif +/* + * crypto/asymmetric_keys/pkcs7_parser.c + */ +#if IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER) + +#include <crypto/pkcs7.h> + +DEFINE_CRYPTO_API_STUB(pkcs7_parse_message); +DEFINE_CRYPTO_API_STUB(pkcs7_free_message); +DEFINE_CRYPTO_API_STUB(pkcs7_get_content_data); + +#endif +/* + * crypto/asymmetric_keys/pkcs7_trust.c + */ +#if IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER) + +#include <crypto/pkcs7.h> + +DEFINE_CRYPTO_API_STUB(pkcs7_validate_trust); + +#endif +/* + * crypto/asymmetric_keys/pkcs7_verify.c + */ +#if IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER) + +#include <crypto/pkcs7.h> + +DEFINE_CRYPTO_API_STUB(pkcs7_verify); +DEFINE_CRYPTO_API_STUB(pkcs7_supply_detached_data); + +#endif diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h index 38ec7f5f9041..63a7f2dbe627 100644 --- a/include/crypto/pkcs7.h +++ b/include/crypto/pkcs7.h @@ -8,6 +8,7 @@ #ifndef _CRYPTO_PKCS7_H #define _CRYPTO_PKCS7_H +#include <crypto/api.h> #include <linux/verification.h> #include <linux/hash_info.h> #include <crypto/public_key.h> @@ -18,28 +19,34 @@ struct pkcs7_message; /* * pkcs7_parser.c */ -extern struct pkcs7_message *pkcs7_parse_message(const void *data, - size_t datalen); -extern void pkcs7_free_message(struct pkcs7_message *pkcs7); +DECLARE_CRYPTO_API(CONFIG_PKCS7_MESSAGE_PARSER, pkcs7_parse_message, struct pkcs7_message *, + (const void *data, size_t datalen), + (data, datalen)); +DECLARE_CRYPTO_API(CONFIG_PKCS7_MESSAGE_PARSER, pkcs7_free_message, void, + (struct pkcs7_message *pkcs7), + (pkcs7)); -extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7, - const void **_data, size_t *_datalen, - size_t *_headerlen); +DECLARE_CRYPTO_API(CONFIG_PKCS7_MESSAGE_PARSER, pkcs7_get_content_data, int, + (const struct pkcs7_message *pkcs7, const void **_data, size_t *_datalen, size_t *_headerlen), + (pkcs7, _data, _datalen, _headerlen)); /* * pkcs7_trust.c */ -extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7, - struct key *trust_keyring); +DECLARE_CRYPTO_API(CONFIG_PKCS7_MESSAGE_PARSER, pkcs7_validate_trust, int, + (struct pkcs7_message *pkcs7, struct key *trust_keyring), + (pkcs7, trust_keyring)); /* * pkcs7_verify.c */ -extern int pkcs7_verify(struct pkcs7_message *pkcs7, - enum key_being_used_for usage); +DECLARE_CRYPTO_API(CONFIG_PKCS7_MESSAGE_PARSER, pkcs7_verify, int, + (struct pkcs7_message *pkcs7, enum key_being_used_for usage), + (pkcs7, usage)); -extern int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7, - const void *data, size_t datalen); +DECLARE_CRYPTO_API(CONFIG_PKCS7_MESSAGE_PARSER, pkcs7_supply_detached_data, int, + (struct pkcs7_message *pkcs7, const void *data, size_t datalen), + (pkcs7, data, datalen)); extern int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len, enum hash_algo *hash_algo); -- 2.47.3
