Build testing with some core crypto options disabled revealed a few modules that are missing CRYPTO_HASH: crypto/asymmetric_keys/x509_public_key.o: In function `x509_get_sig_params': x509_public_key.c:(.text+0x4c7): undefined reference to `crypto_alloc_shash' x509_public_key.c:(.text+0x5e5): undefined reference to `crypto_shash_digest' crypto/asymmetric_keys/pkcs7_verify.o: In function `pkcs7_digest.isra.0': pkcs7_verify.c:(.text+0xab): undefined reference to `crypto_alloc_shash' pkcs7_verify.c:(.text+0x1b2): undefined reference to `crypto_shash_digest' pkcs7_verify.c:(.text+0x3c1): undefined reference to `crypto_shash_update' pkcs7_verify.c:(.text+0x411): undefined reference to `crypto_shash_finup' This normally doesn't show up in randconfig tests because there is a large number of other options that select CRYPTO_HASH. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
		
			
				
	
	
		
			100 lines
		
	
	
		
			3.2 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			100 lines
		
	
	
		
			3.2 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| # SPDX-License-Identifier: GPL-2.0
 | |
| menuconfig ASYMMETRIC_KEY_TYPE
 | |
| 	bool "Asymmetric (public-key cryptographic) key type"
 | |
| 	depends on KEYS
 | |
| 	help
 | |
| 	  This option provides support for a key type that holds the data for
 | |
| 	  the asymmetric keys used for public key cryptographic operations such
 | |
| 	  as encryption, decryption, signature generation and signature
 | |
| 	  verification.
 | |
| 
 | |
| if ASYMMETRIC_KEY_TYPE
 | |
| 
 | |
| config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 | |
| 	tristate "Asymmetric public-key crypto algorithm subtype"
 | |
| 	select MPILIB
 | |
| 	select CRYPTO_HASH_INFO
 | |
| 	select CRYPTO_AKCIPHER
 | |
| 	select CRYPTO_HASH
 | |
| 	help
 | |
| 	  This option provides support for asymmetric public key type handling.
 | |
| 	  If signature generation and/or verification are to be used,
 | |
| 	  appropriate hash algorithms (such as SHA-1) must be available.
 | |
| 	  ENOPKG will be reported if the requisite algorithm is unavailable.
 | |
| 
 | |
| config ASYMMETRIC_TPM_KEY_SUBTYPE
 | |
| 	tristate "Asymmetric TPM backed private key subtype"
 | |
| 	depends on TCG_TPM
 | |
| 	depends on TRUSTED_KEYS
 | |
| 	select CRYPTO_HMAC
 | |
| 	select CRYPTO_SHA1
 | |
| 	select CRYPTO_HASH_INFO
 | |
| 	help
 | |
| 	  This option provides support for TPM backed private key type handling.
 | |
| 	  Operations such as sign, verify, encrypt, decrypt are performed by
 | |
| 	  the TPM after the private key is loaded.
 | |
| 
 | |
| config X509_CERTIFICATE_PARSER
 | |
| 	tristate "X.509 certificate parser"
 | |
| 	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 | |
| 	select ASN1
 | |
| 	select OID_REGISTRY
 | |
| 	help
 | |
| 	  This option provides support for parsing X.509 format blobs for key
 | |
| 	  data and provides the ability to instantiate a crypto key from a
 | |
| 	  public key packet found inside the certificate.
 | |
| 
 | |
| config PKCS8_PRIVATE_KEY_PARSER
 | |
| 	tristate "PKCS#8 private key parser"
 | |
| 	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 | |
| 	select ASN1
 | |
| 	select OID_REGISTRY
 | |
| 	help
 | |
| 	  This option provides support for parsing PKCS#8 format blobs for
 | |
| 	  private key data and provides the ability to instantiate a crypto key
 | |
| 	  from that data.
 | |
| 
 | |
| config TPM_KEY_PARSER
 | |
| 	tristate "TPM private key parser"
 | |
| 	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
 | |
| 	select ASN1
 | |
| 	help
 | |
| 	  This option provides support for parsing TPM format blobs for
 | |
| 	  private key data and provides the ability to instantiate a crypto key
 | |
| 	  from that data.
 | |
| 
 | |
| config PKCS7_MESSAGE_PARSER
 | |
| 	tristate "PKCS#7 message parser"
 | |
| 	depends on X509_CERTIFICATE_PARSER
 | |
| 	select CRYPTO_HASH
 | |
| 	select ASN1
 | |
| 	select OID_REGISTRY
 | |
| 	help
 | |
| 	  This option provides support for parsing PKCS#7 format messages for
 | |
| 	  signature data and provides the ability to verify the signature.
 | |
| 
 | |
| config PKCS7_TEST_KEY
 | |
| 	tristate "PKCS#7 testing key type"
 | |
| 	depends on SYSTEM_DATA_VERIFICATION
 | |
| 	help
 | |
| 	  This option provides a type of key that can be loaded up from a
 | |
| 	  PKCS#7 message - provided the message is signed by a trusted key.  If
 | |
| 	  it is, the PKCS#7 wrapper is discarded and reading the key returns
 | |
| 	  just the payload.  If it isn't, adding the key will fail with an
 | |
| 	  error.
 | |
| 
 | |
| 	  This is intended for testing the PKCS#7 parser.
 | |
| 
 | |
| config SIGNED_PE_FILE_VERIFICATION
 | |
| 	bool "Support for PE file signature verification"
 | |
| 	depends on PKCS7_MESSAGE_PARSER=y
 | |
| 	depends on SYSTEM_DATA_VERIFICATION
 | |
| 	select CRYPTO_HASH
 | |
| 	select ASN1
 | |
| 	select OID_REGISTRY
 | |
| 	help
 | |
| 	  This option provides support for verifying the signature(s) on a
 | |
| 	  signed PE binary.
 | |
| 
 | |
| endif # ASYMMETRIC_KEY_TYPE
 |