mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-30 15:44:13 +08:00
0f5d4a0b99
The selftest code is built into the x509_key_parser module, and depends on the pkcs7_message_parser module, which in turn has a dependency on the key parser, creating a dependency loop and a resulting link failure when the pkcs7 code is a loadable module: ld: crypto/asymmetric_keys/selftest.o: in function `fips_signature_selftest': crypto/asymmetric_keys/selftest.c:205: undefined reference to `pkcs7_parse_message' ld: crypto/asymmetric_keys/selftest.c:209: undefined reference to `pkcs7_supply_detached_data' ld: crypto/asymmetric_keys/selftest.c:211: undefined reference to `pkcs7_verify' ld: crypto/asymmetric_keys/selftest.c:215: undefined reference to `pkcs7_validate_trust' ld: crypto/asymmetric_keys/selftest.c:219: undefined reference to `pkcs7_free_message' Avoid this by only allowing the selftest to be enabled when either both parts are loadable modules, or both are built-in. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
89 lines
2.9 KiB
Plaintext
89 lines
2.9 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
menuconfig ASYMMETRIC_KEY_TYPE
|
|
bool "Asymmetric (public-key cryptographic) key type"
|
|
depends on KEYS
|
|
help
|
|
This option provides support for a key type that holds the data for
|
|
the asymmetric keys used for public key cryptographic operations such
|
|
as encryption, decryption, signature generation and signature
|
|
verification.
|
|
|
|
if ASYMMETRIC_KEY_TYPE
|
|
|
|
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
tristate "Asymmetric public-key crypto algorithm subtype"
|
|
select MPILIB
|
|
select CRYPTO_HASH_INFO
|
|
select CRYPTO_AKCIPHER
|
|
select CRYPTO_HASH
|
|
help
|
|
This option provides support for asymmetric public key type handling.
|
|
If signature generation and/or verification are to be used,
|
|
appropriate hash algorithms (such as SHA-1) must be available.
|
|
ENOPKG will be reported if the requisite algorithm is unavailable.
|
|
|
|
config X509_CERTIFICATE_PARSER
|
|
tristate "X.509 certificate parser"
|
|
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select ASN1
|
|
select OID_REGISTRY
|
|
help
|
|
This option provides support for parsing X.509 format blobs for key
|
|
data and provides the ability to instantiate a crypto key from a
|
|
public key packet found inside the certificate.
|
|
|
|
config PKCS8_PRIVATE_KEY_PARSER
|
|
tristate "PKCS#8 private key parser"
|
|
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select ASN1
|
|
select OID_REGISTRY
|
|
help
|
|
This option provides support for parsing PKCS#8 format blobs for
|
|
private key data and provides the ability to instantiate a crypto key
|
|
from that data.
|
|
|
|
config PKCS7_MESSAGE_PARSER
|
|
tristate "PKCS#7 message parser"
|
|
depends on X509_CERTIFICATE_PARSER
|
|
select CRYPTO_HASH
|
|
select ASN1
|
|
select OID_REGISTRY
|
|
help
|
|
This option provides support for parsing PKCS#7 format messages for
|
|
signature data and provides the ability to verify the signature.
|
|
|
|
config PKCS7_TEST_KEY
|
|
tristate "PKCS#7 testing key type"
|
|
depends on SYSTEM_DATA_VERIFICATION
|
|
help
|
|
This option provides a type of key that can be loaded up from a
|
|
PKCS#7 message - provided the message is signed by a trusted key. If
|
|
it is, the PKCS#7 wrapper is discarded and reading the key returns
|
|
just the payload. If it isn't, adding the key will fail with an
|
|
error.
|
|
|
|
This is intended for testing the PKCS#7 parser.
|
|
|
|
config SIGNED_PE_FILE_VERIFICATION
|
|
bool "Support for PE file signature verification"
|
|
depends on PKCS7_MESSAGE_PARSER=y
|
|
depends on SYSTEM_DATA_VERIFICATION
|
|
select CRYPTO_HASH
|
|
select ASN1
|
|
select OID_REGISTRY
|
|
help
|
|
This option provides support for verifying the signature(s) on a
|
|
signed PE binary.
|
|
|
|
config FIPS_SIGNATURE_SELFTEST
|
|
bool "Run FIPS selftests on the X.509+PKCS7 signature verification"
|
|
help
|
|
This option causes some selftests to be run on the signature
|
|
verification code, using some built in data. This is required
|
|
for FIPS.
|
|
depends on KEYS
|
|
depends on ASYMMETRIC_KEY_TYPE
|
|
depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
|
|
|
|
endif # ASYMMETRIC_KEY_TYPE
|