On Mon, 2022-06-13 at 22:56 +0100, David Howells wrote:
> Hi Herbert,
>
> If you could look over this pair of patches? The second patch adds a simple
> selftest to allow the signature verification code so that it can be FIPS
> compliant. The first moves load_certificate_list() to the asymmetric key code
> to make this easier and renames it.
>
> I generated the test data myself, but I'm open to using some standard test
> data if you know of some; we don't want too much, however, as it's
> incompressible. Also, it has to avoid blacklist checks on the keys it is using,
> lest the UEFI blacklist cause the selftest to fail.
>
> The patches can be found on the following branch:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
>
> David
> ---
> David Howells (2):
>       certs: Move load_certificate_list() to be with the asymmetric keys code
>       certs: Add FIPS selftests
>
>
>  certs/Makefile                           |   4 +-
>  certs/blacklist.c                        |   8 +-
>  certs/common.c                           |  57 ------
>  certs/common.h                           |   9 -
>  certs/system_keyring.c                   |   6 +-
>  crypto/asymmetric_keys/Kconfig           |  10 +
>  crypto/asymmetric_keys/Makefile          |   2 +
>  crypto/asymmetric_keys/selftest.c        | 224 +++++++++++++++++++++++
>  crypto/asymmetric_keys/x509_loader.c     |  57 ++++++
>  crypto/asymmetric_keys/x509_parser.h     |   9 +
>  crypto/asymmetric_keys/x509_public_key.c |   8 +-
>  include/keys/asymmetric-type.h           |   3 +
>  12 files changed, 321 insertions(+), 76 deletions(-)
>  delete mode 100644 certs/common.c
>  delete mode 100644 certs/common.h
>  create mode 100644 crypto/asymmetric_keys/selftest.c
>  create mode 100644 crypto/asymmetric_keys/x509_loader.c
>
>

Reviewed-by: Simo Sorce <simo@xxxxxxxxxx>

--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc