diff options
| author | David Howells <dhowells@redhat.com> | 2022-05-18 17:15:34 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2022-06-21 16:05:12 +0100 |
| commit | 3cde3174eb910513d32a9ec8a9b95ea59be833df (patch) | |
| tree | 41ec5b5f807d1f7f04c5d95d2e8caf82e734238b /crypto/asymmetric_keys/x509_parser.h | |
| parent | 60050ffe3d770dd1df5b641aa48f49d07a54bd84 (diff) | |
| download | linux-3cde3174eb910513d32a9ec8a9b95ea59be833df.tar.bz2 | |
certs: Add FIPS selftests
Add some selftests for signature checking when FIPS mode is enabled. These
need to be done before we start actually using the signature checking for
things and must panic the kernel upon failure.
Note that the tests must not check the blacklist lest this provide a way to
prevent a kernel from booting by installing a hash of a test key in the
appropriate UEFI table.
Reported-by: Simo Sorce <simo@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
Link: https://lore.kernel.org/r/165515742832.1554877.2073456606206090838.stgit@warthog.procyon.org.uk/
Diffstat (limited to 'crypto/asymmetric_keys/x509_parser.h')
| -rw-r--r-- | crypto/asymmetric_keys/x509_parser.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h index 97a886cbe01c..a299c9c56f40 100644 --- a/crypto/asymmetric_keys/x509_parser.h +++ b/crypto/asymmetric_keys/x509_parser.h @@ -41,6 +41,15 @@ struct x509_certificate { }; /* + * selftest.c + */ +#ifdef CONFIG_FIPS_SIGNATURE_SELFTEST +extern int __init fips_signature_selftest(void); +#else +static inline int fips_signature_selftest(void) { return 0; } +#endif + +/* * x509_cert_parser.c */ extern void x509_free_certificate(struct x509_certificate *cert); |