[PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE

linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
@ 2024-04-22 21:10 Eric Biggers
  2024-04-23  4:02 ` Joachim Vandersmissen
  2024-04-23 21:52 ` Jarkko Sakkinen
  0 siblings, 2 replies; 4+ messages in thread
From: Eric Biggers @ 2024-04-22 21:10 UTC (permalink / raw)
  To: linux-crypto, keyrings
  Cc: stable, Simo Sorce, David Howells, kernel test robot

From: Eric Biggers <ebiggers@google.com>

Since the signature self-test uses RSA and SHA-256, it must only be
enabled when those algorithms are enabled.  Otherwise it fails and
panics the kernel on boot-up.

Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202404221528.51d75177-lkp@intel.com
Fixes: 3cde3174eb91 ("certs: Add FIPS selftests")
Cc: stable@vger.kernel.org
Cc: Simo Sorce <simo@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/asymmetric_keys/Kconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 59ec726b7c77..4abc58c55efa 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -83,7 +83,9 @@ config FIPS_SIGNATURE_SELFTEST
 	  for FIPS.
 	depends on KEYS
 	depends on ASYMMETRIC_KEY_TYPE
 	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
 	depends on X509_CERTIFICATE_PARSER
+	depends on CRYPTO_RSA
+	depends on CRYPTO_SHA256
 
 endif # ASYMMETRIC_KEY_TYPE

base-commit: ed30a4a51bb196781c8058073ea720133a65596f
-- 
2.44.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
  2024-04-22 21:10 [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST Eric Biggers
@ 2024-04-23  4:02 ` Joachim Vandersmissen
  2024-04-23 21:56   ` Jarkko Sakkinen
  2024-04-23 21:52 ` Jarkko Sakkinen
  1 sibling, 1 reply; 4+ messages in thread
From: Joachim Vandersmissen @ 2024-04-23  4:02 UTC (permalink / raw)
  To: Eric Biggers
  Cc: linux-crypto, keyrings, stable, Simo Sorce, David Howells,
	kernel test robot

Hi Eric,

On 4/22/24 4:10 PM, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Since the signature self-test uses RSA and SHA-256, it must only be
> enabled when those algorithms are enabled.  Otherwise it fails and
> panics the kernel on boot-up.

I actually submitted two related patch recently which change the 
structure of the PKCS#7 self-tests and add an ECDSA self-test. See 
"[PATCH v2 1/2] certs: Move RSA self-test data to separate file" and 
"[PATCH v2 2/2] certs: Add ECDSA signature verification self-test" on 
2024-04-20. The explicit dependency on CRYPTO_RSA shouldn't be necessary 
with those patches (I think).

However, I didn't consider CRYPTO_SHA256 there. I think it can remain 
since both the RSA and proposed ECDSA self-tests use SHA-256.

>
> Reported-by: kernel test robot <oliver.sang@intel.com>
> Closes: https://lore.kernel.org/oe-lkp/202404221528.51d75177-lkp@intel.com
> Fixes: 3cde3174eb91 ("certs: Add FIPS selftests")
> Cc: stable@vger.kernel.org
> Cc: Simo Sorce <simo@redhat.com>
> Cc: David Howells <dhowells@redhat.com>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>   crypto/asymmetric_keys/Kconfig | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
> index 59ec726b7c77..4abc58c55efa 100644
> --- a/crypto/asymmetric_keys/Kconfig
> +++ b/crypto/asymmetric_keys/Kconfig
> @@ -83,7 +83,9 @@ config FIPS_SIGNATURE_SELFTEST
>   	  for FIPS.
>   	depends on KEYS
>   	depends on ASYMMETRIC_KEY_TYPE
>   	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
>   	depends on X509_CERTIFICATE_PARSER
> +	depends on CRYPTO_RSA
> +	depends on CRYPTO_SHA256
>   
>   endif # ASYMMETRIC_KEY_TYPE
>
> base-commit: ed30a4a51bb196781c8058073ea720133a65596f

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
  2024-04-22 21:10 [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST Eric Biggers
  2024-04-23  4:02 ` Joachim Vandersmissen
@ 2024-04-23 21:52 ` Jarkko Sakkinen
  1 sibling, 0 replies; 4+ messages in thread
From: Jarkko Sakkinen @ 2024-04-23 21:52 UTC (permalink / raw)
  To: Eric Biggers, linux-crypto, keyrings
  Cc: stable, Simo Sorce, David Howells, kernel test robot

On Tue Apr 23, 2024 at 12:10 AM EEST, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Since the signature self-test uses RSA and SHA-256, it must only be
> enabled when those algorithms are enabled.  Otherwise it fails and
> panics the kernel on boot-up.
>
> Reported-by: kernel test robot <oliver.sang@intel.com>
> Closes: https://lore.kernel.org/oe-lkp/202404221528.51d75177-lkp@intel.com
> Fixes: 3cde3174eb91 ("certs: Add FIPS selftests")
> Cc: stable@vger.kernel.org
> Cc: Simo Sorce <simo@redhat.com>
> Cc: David Howells <dhowells@redhat.com>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  crypto/asymmetric_keys/Kconfig | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
> index 59ec726b7c77..4abc58c55efa 100644
> --- a/crypto/asymmetric_keys/Kconfig
> +++ b/crypto/asymmetric_keys/Kconfig
> @@ -83,7 +83,9 @@ config FIPS_SIGNATURE_SELFTEST
>  	  for FIPS.
>  	depends on KEYS
>  	depends on ASYMMETRIC_KEY_TYPE
>  	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
>  	depends on X509_CERTIFICATE_PARSER
> +	depends on CRYPTO_RSA
> +	depends on CRYPTO_SHA256
>  
>  endif # ASYMMETRIC_KEY_TYPE
>
> base-commit: ed30a4a51bb196781c8058073ea720133a65596f

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

Also, picked.

BR, Jarkko

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
  2024-04-23  4:02 ` Joachim Vandersmissen
@ 2024-04-23 21:56   ` Jarkko Sakkinen
  0 siblings, 0 replies; 4+ messages in thread
From: Jarkko Sakkinen @ 2024-04-23 21:56 UTC (permalink / raw)
  To: Joachim Vandersmissen, Eric Biggers
  Cc: linux-crypto, keyrings, stable, Simo Sorce, David Howells,
	kernel test robot

On Tue Apr 23, 2024 at 7:02 AM EEST, Joachim Vandersmissen wrote:
> Hi Eric,
>
> On 4/22/24 4:10 PM, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Since the signature self-test uses RSA and SHA-256, it must only be
> > enabled when those algorithms are enabled.  Otherwise it fails and
> > panics the kernel on boot-up.
>
> I actually submitted two related patch recently which change the 
> structure of the PKCS#7 self-tests and add an ECDSA self-test. See 
> "[PATCH v2 1/2] certs: Move RSA self-test data to separate file" and 
> "[PATCH v2 2/2] certs: Add ECDSA signature verification self-test" on 
> 2024-04-20. The explicit dependency on CRYPTO_RSA shouldn't be necessary 
> with those patches (I think).
>
> However, I didn't consider CRYPTO_SHA256 there. I think it can remain 
> since both the RSA and proposed ECDSA self-tests use SHA-256.

Their how in my master branch, I'll mirror them to linux-next in day
or two.

BR, Jarkko

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-04-23 21:56 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-22 21:10 [PATCH] KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST Eric Biggers
2024-04-23  4:02 ` Joachim Vandersmissen
2024-04-23 21:56   ` Jarkko Sakkinen
2024-04-23 21:52 ` Jarkko Sakkinen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).