Currently it is possible to configure the kernel (albeit in a very contrived manner) such that CRYPTO_RSA is not set, yet FIPS_SIGNATURE_SELFTEST is set. This would cause a false kernel panic when executing the RSA PKCS#7 self-test. Guard against this by introducing a compile-time check. Signed-off-by: Joachim Vandersmissen <git@xxxxxxxxx> --- crypto/asymmetric_keys/selftest.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/asymmetric_keys/selftest.c b/crypto/asymmetric_keys/selftest.c index 68620a9ab974..d2781d0b87d9 100644 --- a/crypto/asymmetric_keys/selftest.c +++ b/crypto/asymmetric_keys/selftest.c @@ -23,6 +23,7 @@ struct certs_test { * be loaded into a temporary keyring for the duration of the testing. */ static const u8 certs_selftest_keys[] __initconst = { +#if IS_ENABLED(CONFIG_CRYPTO_RSA) /* 4096-bit RSA certificate */ "\x30\x82\x05\x55\x30\x82\x03\x3d\xa0\x03\x02\x01\x02\x02\x14\x73" "\x98\xea\x98\x2d\xd0\x2e\xa8\xb1\xcf\x57\xc7\xf2\x97\xb3\xe6\x1a" @@ -110,6 +111,7 @@ static const u8 certs_selftest_keys[] __initconst = { "\xad\x5a\xf5\xb3\xdb\x69\x21\x04\xfd\xd3\x1c\xdf\x94\x9d\x56\xb0" "\x0a\xd1\x95\x76\x8d\xec\x9e\xdd\x0b\x15\x97\x64\xad\xe5\xf2\x62" "\x02\xfc\x9e\x5f\x56\x42\x39\x05\xb3" +#endif #if IS_ENABLED(CONFIG_CRYPTO_ECDSA) /* P-256 ECDSA certificate */ "\x30\x82\x01\xd4\x30\x82\x01\x7b\xa0\x03\x02\x01\x02\x02\x14\x2e" @@ -228,7 +230,9 @@ static const u8 certs_selftest_ecdsa_pkcs7[] __initconst = { */ #define TEST(data, pkcs7) { data, sizeof(data) - 1, pkcs7, sizeof(pkcs7) - 1 } static const struct certs_test certs_tests[] __initconst = { +#if IS_ENABLED(CONFIG_CRYPTO_RSA) TEST(certs_selftest_data, certs_selftest_rsa_pkcs7), +#endif #if IS_ENABLED(CONFIG_CRYPTO_ECDSA) TEST(certs_selftest_data, certs_selftest_ecdsa_pkcs7), #endif -- 2.44.0