3cde3174eb
Add some selftests for signature checking when FIPS mode is enabled. These need to be done before we start actually using the signature checking for things and must panic the kernel upon failure. Note that the tests must not check the blacklist lest this provide a way to prevent a kernel from booting by installing a hash of a test key in the appropriate UEFI table. Reported-by: Simo Sorce <simo@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Herbert Xu <herbert@gondor.apana.org.au> cc: keyrings@vger.kernel.org cc: linux-crypto@vger.kernel.org Link: https://lore.kernel.org/r/165515742832.1554877.2073456606206090838.stgit@warthog.procyon.org.uk/ |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| asymmetric_keys.h | ||
| asymmetric_type.c | ||
| mscode.asn1 | ||
| mscode_parser.c | ||
| pkcs7.asn1 | ||
| pkcs7_key_type.c | ||
| pkcs7_parser.c | ||
| pkcs7_parser.h | ||
| pkcs7_trust.c | ||
| pkcs7_verify.c | ||
| pkcs8.asn1 | ||
| pkcs8_parser.c | ||
| public_key.c | ||
| restrict.c | ||
| selftest.c | ||
| signature.c | ||
| verify_pefile.c | ||
| verify_pefile.h | ||
| x509.asn1 | ||
| x509_akid.asn1 | ||
| x509_cert_parser.c | ||
| x509_loader.c | ||
| x509_parser.h | ||
| x509_public_key.c | ||