Hi Herbert,

On 4/16/24 3:59 AM, Herbert Xu wrote:
> On Mon, Apr 15, 2024 at 10:23:47PM -0500, Joachim Vandersmissen wrote:
>> Currently it is possible to configure the kernel (albeit in a very
>> contrived manner) such that CRYPTO_RSA is not set, yet
>> FIPS_SIGNATURE_SELFTEST is set. This would cause a false kernel panic
>> when executing the RSA PKCS#7 self-test. Guard against this by
>> introducing a compile-time check.
>>
>> Signed-off-by: Joachim Vandersmissen <git@xxxxxxxxx>
>
> The usual way to handle this is to add a select to the Kconfig file.

I did consider that initially, but I was unsure if this was the right
path. From a conceptual standpoint, this module doesn't need the RSA (or
ECDSA) functionality. If the algorithm is not present, it would be
perfectly valid for the module to do nothing. However, I'm not opposed
to removing the current check and adding the select to the Kconfig.
If I add a `select CRYPTO_RSA` to FIPS_SIGNATURE_SELFTEST, do you think
I should do something similar for ECDSA as well (considering the other
patch in this series)?

Thanks,