Re: [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Eric,

On 4/22/24 4:10 PM, Eric Biggers wrote:
From: Eric Biggers <ebiggers@xxxxxxxxxx>

Since the signature self-test uses RSA and SHA-256, it must only be
enabled when those algorithms are enabled.  Otherwise it fails and
panics the kernel on boot-up.

I actually submitted two related patch recently which change the structure of the PKCS#7 self-tests and add an ECDSA self-test. See "[PATCH v2 1/2] certs: Move RSA self-test data to separate file" and "[PATCH v2 2/2] certs: Add ECDSA signature verification self-test" on 2024-04-20. The explicit dependency on CRYPTO_RSA shouldn't be necessary with those patches (I think).

However, I didn't consider CRYPTO_SHA256 there. I think it can remain since both the RSA and proposed ECDSA self-tests use SHA-256.


Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
Closes: https://lore.kernel.org/oe-lkp/202404221528.51d75177-lkp@xxxxxxxxx
Fixes: 3cde3174eb91 ("certs: Add FIPS selftests")
Cc: stable@xxxxxxxxxxxxxxx
Cc: Simo Sorce <simo@xxxxxxxxxx>
Cc: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
  crypto/asymmetric_keys/Kconfig | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 59ec726b7c77..4abc58c55efa 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -83,7 +83,9 @@ config FIPS_SIGNATURE_SELFTEST
  	  for FIPS.
  	depends on KEYS
  	depends on ASYMMETRIC_KEY_TYPE
  	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
  	depends on X509_CERTIFICATE_PARSER
+	depends on CRYPTO_RSA
+	depends on CRYPTO_SHA256
endif # ASYMMETRIC_KEY_TYPE

base-commit: ed30a4a51bb196781c8058073ea720133a65596f




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux