git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	David Howells <dhowells@redhat.com>
	Wed, 18 May 2022 16:15:34 +0000 (17:15 +0100)
committer	David Howells <dhowells@redhat.com>
	Tue, 21 Jun 2022 15:05:12 +0000 (16:05 +0100)
commit	3cde3174eb910513d32a9ec8a9b95ea59be833df
tree	41ec5b5f807d1f7f04c5d95d2e8caf82e734238b	tree \| snapshot
parent	60050ffe3d770dd1df5b641aa48f49d07a54bd84	commit \| diff

certs: Add FIPS selftests

Add some selftests for signature checking when FIPS mode is enabled. These
need to be done before we start actually using the signature checking for
things and must panic the kernel upon failure.

Note that the tests must not check the blacklist lest this provide a way to
prevent a kernel from booting by installing a hash of a test key in the
appropriate UEFI table.

Reported-by: Simo Sorce <simo@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
Link: https://lore.kernel.org/r/165515742832.1554877.2073456606206090838.stgit@warthog.procyon.org.uk/

crypto/asymmetric_keys/Kconfig		diff \| blob \| history
crypto/asymmetric_keys/Makefile		diff \| blob \| history
crypto/asymmetric_keys/selftest.c	[new file with mode: 0644]	blob
crypto/asymmetric_keys/x509_parser.h		diff \| blob \| history
crypto/asymmetric_keys/x509_public_key.c		diff \| blob \| history