Hi Herbert, If you could look over this pair of patches? The second patch adds a simple selftest to allow the signature verification code so that it can be FIPS compliant. The first moves load_certificate_list() to the asymmetric key code to make this easier and renames it. I generated the test data myself, but I'm open to using some standard test data if you know of some; we don't want too much, however, as it's incompressible. Also, it has avoid blacklist checks on the keys it is using, lest the UEFI blacklist cause the selftest to fail. The patches can be found on the following branch: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes David --- David Howells (2): certs: Move load_certificate_list() to be with the asymmetric keys code certs: Add FIPS selftests certs/Makefile | 4 +- certs/blacklist.c | 8 +- certs/common.c | 57 ------ certs/common.h | 9 - certs/system_keyring.c | 6 +- crypto/asymmetric_keys/Kconfig | 10 + crypto/asymmetric_keys/Makefile | 2 + crypto/asymmetric_keys/selftest.c | 224 +++++++++++++++++++++++ crypto/asymmetric_keys/x509_loader.c | 57 ++++++ crypto/asymmetric_keys/x509_parser.h | 9 + crypto/asymmetric_keys/x509_public_key.c | 8 +- include/keys/asymmetric-type.h | 3 + 12 files changed, 321 insertions(+), 76 deletions(-) delete mode 100644 certs/common.c delete mode 100644 certs/common.h create mode 100644 crypto/asymmetric_keys/selftest.c create mode 100644 crypto/asymmetric_keys/x509_loader.c