Message-ID: <3524595.1614124044@warthog.procyon.org.uk>
Date: Tue, 23 Feb 2021 23:47:24 +0000
From: David Howells <dhowells@...hat.com>
To: Eric Snowberg <eric.snowberg@...cle.com>
Cc: dhowells@...hat.com, jarkko@...nel.org, mic@...ux.microsoft.com,
	dwmw2@...radead.org, keyrings@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cert: Add kconfig dependency for validate_trust

Eric Snowberg <eric.snowberg@...cle.com> wrote:

> The kernel test robot reports when building with Kconfig
> CONFIG_INTEGRITY_PLATFORM_KEYRING defined and
> CONFIG_SYSTEM_DATA_VERIFICATION undefined:
>
> ld.lld: error: undefined symbol: pkcs7_validate_trust
> referenced by blacklist.c:128 (certs/blacklist.c:128)
> blacklist.o:(is_key_on_revocation_list) in archive certs/built-in.a
>
> Make CONFIG_SYSTEM_DATA_VERIFICATION a dependency for validate_trust.
>
> Reported-by: kernel test robot <lkp@...el.com>
> Signed-off-by: Eric Snowberg <eric.snowberg@...cle.com>

I wonder if it's better to provide a separate config option for the revocation
list, say:

	config SYSTEM_REVOCATION_LIST
		bool "Add revocation certs to the blacklist keyring"
		depends on SYSTEM_BLACKLIST_KEYRING
		depends on PKCS7_MESSAGE_PARSER
		help
		  ...

and use that in blacklist.c.  In keys/system_keyring.h,
is_key_on_revocation_list() can then be defaulted to return 0 if that is
disabled.

Btw, I've just noticed that add_key_to_revocation_list() and
is_key_on_revocation_list() lack kernel doc comments.

David