crypto/asymmetric_keys · 3cde3174eb910513d32a9ec8a9b95ea59be833df · Kirill Smelkov / linux

David Howells authored 2 years ago


Add some selftests for signature checking when FIPS mode is enabled.  These
need to be done before we start actually using the signature checking for
things and must panic the kernel upon failure.

Note that the tests must not check the blacklist lest this provide a way to
prevent a kernel from booting by installing a hash of a test key in the
appropriate UEFI table.
Reported-by: Simo Sorce <simo@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
Link: https://lore.kernel.org/r/165515742832.1554877.2073456606206090838.stgit@warthog.procyon.org.uk/

3cde3174

Name	Last commit	Last update
..
Kconfig
Makefile
asymmetric_keys.h
asymmetric_type.c
mscode.asn1
mscode_parser.c
pkcs7.asn1
pkcs7_key_type.c
pkcs7_parser.c
pkcs7_parser.h
pkcs7_trust.c
pkcs7_verify.c
pkcs8.asn1
pkcs8_parser.c
public_key.c
restrict.c
selftest.c
signature.c
verify_pefile.c
verify_pefile.h
x509.asn1
x509_akid.asn1
x509_cert_parser.c
x509_loader.c
x509_parser.h
x509_public_key.c

Download source code

Download this directory