certs: Break circular dependency when selftest is modular

The modular build fails because the self-test code depends on pkcs7
which in turn depends on x509 which contains the self-test.

Split the self-test out into its own module to break the cycle.

Fixes: 3cde3174eb ("certs: Add FIPS selftests")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Herbert Xu 2023-10-16 13:21:44 +08:00
parent 7ddc21e317
commit 04a93202ed
5 changed files with 16 additions and 22 deletions

View File

@ -76,7 +76,7 @@ config SIGNED_PE_FILE_VERIFICATION
signed PE binary.
config FIPS_SIGNATURE_SELFTEST
bool "Run FIPS selftests on the X.509+PKCS7 signature verification"
tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"
help
This option causes some selftests to be run on the signature
verification code, using some built in data. This is required
@ -84,5 +84,6 @@ config FIPS_SIGNATURE_SELFTEST
depends on KEYS
depends on ASYMMETRIC_KEY_TYPE
depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
depends on X509_CERTIFICATE_PARSER
endif # ASYMMETRIC_KEY_TYPE

View File

@ -22,7 +22,8 @@ x509_key_parser-y := \
x509_cert_parser.o \
x509_loader.o \
x509_public_key.o
x509_key_parser-$(CONFIG_FIPS_SIGNATURE_SELFTEST) += selftest.o
obj-$(CONFIG_FIPS_SIGNATURE_SELFTEST) += x509_selftest.o
x509_selftest-y += selftest.o
$(obj)/x509_cert_parser.o: \
$(obj)/x509.asn1.h \

View File

@ -4,10 +4,11 @@
* Written by David Howells (dhowells@redhat.com)
*/
#include <linux/kernel.h>
#include <linux/cred.h>
#include <linux/key.h>
#include <crypto/pkcs7.h>
#include <linux/cred.h>
#include <linux/kernel.h>
#include <linux/key.h>
#include <linux/module.h>
#include "x509_parser.h"
struct certs_test {
@ -175,7 +176,7 @@ static const struct certs_test certs_tests[] __initconst = {
TEST(certs_selftest_1_data, certs_selftest_1_pkcs7),
};
int __init fips_signature_selftest(void)
static int __init fips_signature_selftest(void)
{
struct key *keyring;
int ret, i;
@ -222,3 +223,9 @@ int __init fips_signature_selftest(void)
key_put(keyring);
return 0;
}
late_initcall(fips_signature_selftest);
MODULE_DESCRIPTION("X.509 self tests");
MODULE_AUTHOR("Red Hat, Inc.");
MODULE_LICENSE("GPL");

View File

@ -40,15 +40,6 @@ struct x509_certificate {
bool blacklisted;
};
/*
* selftest.c
*/
#ifdef CONFIG_FIPS_SIGNATURE_SELFTEST
extern int __init fips_signature_selftest(void);
#else
static inline int fips_signature_selftest(void) { return 0; }
#endif
/*
* x509_cert_parser.c
*/

View File

@ -262,15 +262,9 @@ static struct asymmetric_key_parser x509_key_parser = {
/*
* Module stuff
*/
extern int __init certs_selftest(void);
static int __init x509_key_init(void)
{
int ret;
ret = register_asymmetric_key_parser(&x509_key_parser);
if (ret < 0)
return ret;
return fips_signature_selftest();
return register_asymmetric_key_parser(&x509_key_parser);
}
static void __exit x509_key_exit(void)