certs: Break circular dependency when selftest is modular

[ Upstream commit 04a93202ed7c3b451bf22d3ff4bcd379df27f299 ] The modular build fails because the self-test code depends on pkcs7 which in turn depends on x509 which contains the self-test. Split the self-test out into its own module to break the cycle. Fixes: 3cde3174eb ("certs: Add FIPS selftests") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-24 14:07:52 -04:00 · 2023-10-16 13:21:44 +08:00 · 2023-10-16 13:21:44 +08:00 · e71d8a3a85
commit e71d8a3a85
parent 1734a79e95
5 changed files with 16 additions and 22 deletions
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@ -76,7 +76,7 @@ config SIGNED_PE_FILE_VERIFICATION
 	  signed PE binary.
 config FIPS_SIGNATURE_SELFTEST
-	bool "Run FIPS selftests on the X.509+PKCS7 signature verification"
+	tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"
 	help
 	  This option causes some selftests to be run on the signature
 	  verification code, using some built in data.  This is required
@ -84,5 +84,6 @@ config FIPS_SIGNATURE_SELFTEST
 	depends on KEYS
 	depends on ASYMMETRIC_KEY_TYPE
 	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
 	depends on X509_CERTIFICATE_PARSER
 endif # ASYMMETRIC_KEY_TYPE
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@ -22,7 +22,8 @@ x509_key_parser-y := \
 	x509_cert_parser.o \
 	x509_loader.o \
 	x509_public_key.o
-x509_key_parser-$(CONFIG_FIPS_SIGNATURE_SELFTEST) += selftest.o
+obj-$(CONFIG_FIPS_SIGNATURE_SELFTEST) += x509_selftest.o
 x509_selftest-y += selftest.o
 $(obj)/x509_cert_parser.o: \
 	$(obj)/x509.asn1.h \
--- a/crypto/asymmetric_keys/selftest.c
+++ b/crypto/asymmetric_keys/selftest.c
@ -4,10 +4,11 @@
 * Written by David Howells (dhowells@redhat.com)
 */
 #include <linux/kernel.h>
 #include <linux/cred.h>
 #include <linux/key.h>
 #include <crypto/pkcs7.h>
 #include <linux/cred.h>
 #include <linux/kernel.h>
 #include <linux/key.h>
 #include <linux/module.h>
 #include "x509_parser.h"
 struct certs_test {
@ -175,7 +176,7 @@ static const struct certs_test certs_tests[] __initconst = {
 	TEST(certs_selftest_1_data, certs_selftest_1_pkcs7),
 };
-int __init fips_signature_selftest(void)
+static int __init fips_signature_selftest(void)
 {
 	struct key *keyring;
 	int ret, i;
@ -222,3 +223,9 @@ int __init fips_signature_selftest(void)
 	key_put(keyring);
 	return 0;
 }
 late_initcall(fips_signature_selftest);
 MODULE_DESCRIPTION("X.509 self tests");
 MODULE_AUTHOR("Red Hat, Inc.");
 MODULE_LICENSE("GPL");
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@ -40,15 +40,6 @@ struct x509_certificate {
 	bool		blacklisted;
 };
 /*
 * selftest.c
 */
 #ifdef CONFIG_FIPS_SIGNATURE_SELFTEST
 extern int __init fips_signature_selftest(void);
 #else
 static inline int fips_signature_selftest(void) { return 0; }
 #endif
 /*
 * x509_cert_parser.c
 */
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@ -262,15 +262,9 @@ static struct asymmetric_key_parser x509_key_parser = {
 /*
 * Module stuff
 */
 extern int __init certs_selftest(void);
 static int __init x509_key_init(void)
 {
-	int ret;
+	return register_asymmetric_key_parser(&x509_key_parser);
 	ret = register_asymmetric_key_parser(&x509_key_parser);
 	if (ret < 0)
 		return ret;
 	return fips_signature_selftest();
 }
 static void __exit x509_key_exit(void)