certs: Break circular dependency when selftest is modular
The modular build fails because the self-test code depends on pkcs7
which in turn depends on x509 which contains the self-test.
Split the self-test out into its own module to break the cycle.
Fixes: 3cde3174eb
("certs: Add FIPS selftests")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
7ddc21e317
commit
04a93202ed
@ -76,7 +76,7 @@ config SIGNED_PE_FILE_VERIFICATION
|
||||
signed PE binary.
|
||||
|
||||
config FIPS_SIGNATURE_SELFTEST
|
||||
bool "Run FIPS selftests on the X.509+PKCS7 signature verification"
|
||||
tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"
|
||||
help
|
||||
This option causes some selftests to be run on the signature
|
||||
verification code, using some built in data. This is required
|
||||
@ -84,5 +84,6 @@ config FIPS_SIGNATURE_SELFTEST
|
||||
depends on KEYS
|
||||
depends on ASYMMETRIC_KEY_TYPE
|
||||
depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
|
||||
depends on X509_CERTIFICATE_PARSER
|
||||
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
|
@ -22,7 +22,8 @@ x509_key_parser-y := \
|
||||
x509_cert_parser.o \
|
||||
x509_loader.o \
|
||||
x509_public_key.o
|
||||
x509_key_parser-$(CONFIG_FIPS_SIGNATURE_SELFTEST) += selftest.o
|
||||
obj-$(CONFIG_FIPS_SIGNATURE_SELFTEST) += x509_selftest.o
|
||||
x509_selftest-y += selftest.o
|
||||
|
||||
$(obj)/x509_cert_parser.o: \
|
||||
$(obj)/x509.asn1.h \
|
||||
|
@ -4,10 +4,11 @@
|
||||
* Written by David Howells (dhowells@redhat.com)
|
||||
*/
|
||||
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/cred.h>
|
||||
#include <linux/key.h>
|
||||
#include <crypto/pkcs7.h>
|
||||
#include <linux/cred.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/key.h>
|
||||
#include <linux/module.h>
|
||||
#include "x509_parser.h"
|
||||
|
||||
struct certs_test {
|
||||
@ -175,7 +176,7 @@ static const struct certs_test certs_tests[] __initconst = {
|
||||
TEST(certs_selftest_1_data, certs_selftest_1_pkcs7),
|
||||
};
|
||||
|
||||
int __init fips_signature_selftest(void)
|
||||
static int __init fips_signature_selftest(void)
|
||||
{
|
||||
struct key *keyring;
|
||||
int ret, i;
|
||||
@ -222,3 +223,9 @@ int __init fips_signature_selftest(void)
|
||||
key_put(keyring);
|
||||
return 0;
|
||||
}
|
||||
|
||||
late_initcall(fips_signature_selftest);
|
||||
|
||||
MODULE_DESCRIPTION("X.509 self tests");
|
||||
MODULE_AUTHOR("Red Hat, Inc.");
|
||||
MODULE_LICENSE("GPL");
|
||||
|
@ -40,15 +40,6 @@ struct x509_certificate {
|
||||
bool blacklisted;
|
||||
};
|
||||
|
||||
/*
|
||||
* selftest.c
|
||||
*/
|
||||
#ifdef CONFIG_FIPS_SIGNATURE_SELFTEST
|
||||
extern int __init fips_signature_selftest(void);
|
||||
#else
|
||||
static inline int fips_signature_selftest(void) { return 0; }
|
||||
#endif
|
||||
|
||||
/*
|
||||
* x509_cert_parser.c
|
||||
*/
|
||||
|
@ -262,15 +262,9 @@ static struct asymmetric_key_parser x509_key_parser = {
|
||||
/*
|
||||
* Module stuff
|
||||
*/
|
||||
extern int __init certs_selftest(void);
|
||||
static int __init x509_key_init(void)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = register_asymmetric_key_parser(&x509_key_parser);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
return fips_signature_selftest();
|
||||
return register_asymmetric_key_parser(&x509_key_parser);
|
||||
}
|
||||
|
||||
static void __exit x509_key_exit(void)
|
||||
|
Loading…
Reference in New Issue
Block a user