I got a message from random config robot that he found a build break...
It happens because certain modules which are compiled as builtin depends
on CRYPTO=m and select required components as modules instead of making
them builtin. Here is couple of patches to fix it.
config: i386-randconfig-c1-07060441 (attached as .config)
All error/warnings:
security/built-in.o: In function `asymmetric_verify':
>> (.text+0x75b6): undefined reference to `mpi_read_raw_data'
security/built-in.o: In function `asymmetric_verify':
>> (.text+0x75d8): undefined reference to `mpi_free'
crypto/built-in.o: In function `public_key_destroy':
>> (.text+0x383): undefined reference to `mpi_free'
crypto/built-in.o: In function `RSA_verify_signature':
>> rsa.c:(.text+0x474): undefined reference to `mpi_get_nbits'
>> rsa.c:(.text+0x481): undefined reference to `mpi_get_nbits'
>> rsa.c:(.text+0x491): undefined reference to `mpi_cmp_ui'
>> rsa.c:(.text+0x49f): undefined reference to `mpi_cmp'
>> rsa.c:(.text+0x4aa): undefined reference to `mpi_alloc'
>> rsa.c:(.text+0x4c4): undefined reference to `mpi_powm'
>> rsa.c:(.text+0x4d2): undefined reference to `mpi_free'
>> rsa.c:(.text+0x4f1): undefined reference to `mpi_free'
>> rsa.c:(.text+0x52e): undefined reference to `mpi_get_nbits'
>> rsa.c:(.text+0x54a): undefined reference to `mpi_get_buffer'
>> rsa.c:(.text+0x5fb): undefined reference to `__crypto_memneq'
>> rsa.c:(.text+0x618): undefined reference to `__crypto_memneq'
crypto/built-in.o: In function `x509_free_certificate':
>> (.text+0x90a): undefined reference to `mpi_free'
crypto/built-in.o: In function `x509_cert_parse':
>> (.text+0x986): undefined reference to `asn1_ber_decoder'
crypto/built-in.o: In function `x509_cert_parse':
>> (.text+0x9a1): undefined reference to `asn1_ber_decoder'
crypto/built-in.o: In function `x509_note_OID':
>> (.text+0x9e4): undefined reference to `look_up_OID'
crypto/built-in.o: In function `x509_note_OID':
>> (.text+0xa01): undefined reference to `sprint_oid'
crypto/built-in.o: In function `rsa_extract_mpi':
- Dmitry
Dmitry Kasatkin (2):
asymmetric_keys: make crypto builtin if asymmetric keys selected as
builtin
digsig: make crypto builtin if digsig selected as builtin
crypto/Kconfig | 6 +++++-
crypto/asymmetric_keys/Kconfig | 2 ++
lib/Kconfig | 3 ++-
3 files changed, 9 insertions(+), 2 deletions(-)
--
1.9.1
When SIGNATURE=y but depends on CRYPTO=m, it selects MPILIB as module
producing build break. This patch makes digsig to select crypto for
correcting dependency.
Signed-off-by: Dmitry Kasatkin <[email protected]>
---
lib/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 334f772..a8a775730 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -451,7 +451,8 @@ config MPILIB
config SIGNATURE
tristate
- depends on KEYS && CRYPTO
+ depends on KEYS
+ select CRYPTO
select CRYPTO_SHA1
select MPILIB
help
--
1.9.1
When ASYMMETRIC_KEYS=y, but depends on CRYPTO=m, selections will be also modules.
In random config case OID_REGISTRY, MPILIB and ASN1 became modules producing build
break. This patch removes asymmetric keys dependency from CRYPTO, but instead
selects CRYPTO and CRYPTO_HASH as they are needed.
Signed-off-by: Dmitry Kasatkin <[email protected]>
---
crypto/Kconfig | 6 +++++-
crypto/asymmetric_keys/Kconfig | 2 ++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index ce4012a..96835d6 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -10,6 +10,11 @@ config XOR_BLOCKS
source "crypto/async_tx/Kconfig"
#
+# asymmetric keys
+#
+source crypto/asymmetric_keys/Kconfig
+
+#
# Cryptographic API Configuration
#
menuconfig CRYPTO
@@ -1405,6 +1410,5 @@ config CRYPTO_HASH_INFO
bool
source "drivers/crypto/Kconfig"
-source crypto/asymmetric_keys/Kconfig
endif # if CRYPTO
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 03a6eb9..a38d2d4 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -30,6 +30,8 @@ config PUBLIC_KEY_ALGO_RSA
config X509_CERTIFICATE_PARSER
tristate "X.509 certificate parser"
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select CRYPTO
+ select CRYPTO_HASH
select ASN1
select OID_REGISTRY
help
--
1.9.1
Dmitry Kasatkin <[email protected]> wrote:
> When ASYMMETRIC_KEYS=y, but depends on CRYPTO=m, selections will be also modules.
> In random config case OID_REGISTRY, MPILIB and ASN1 became modules producing build
> break. This patch removes asymmetric keys dependency from CRYPTO, but instead
> selects CRYPTO and CRYPTO_HASH as they are needed.
You do realise that this makes the asymmetric key config option into a
top-level option? I think, logically, that's the wrong thing to do. They
should still appear under the crypto menu.
Note that I think your patch is really the wrong solution. The right solution
is to fix the configuration tools - but that's quite an undertaking.
David
Dmitry Kasatkin <[email protected]> wrote:
> When SIGNATURE=y but depends on CRYPTO=m, it selects MPILIB as module
> producing build break. This patch makes digsig to select crypto for
> correcting dependency.
I'll apply this one.
David
On Thu, Jul 17, 2014 at 10:56 PM, David Howells <[email protected]> wrote:
> Dmitry Kasatkin <[email protected]> wrote:
>
>> When SIGNATURE=y but depends on CRYPTO=m, it selects MPILIB as module
>> producing build break. This patch makes digsig to select crypto for
>> correcting dependency.
>
> I'll apply this one.
>
> David
Thanks,
Dmitry
On Thu, Jul 17, 2014 at 10:55 PM, David Howells <[email protected]> wrote:
> Dmitry Kasatkin <[email protected]> wrote:
>
>> When ASYMMETRIC_KEYS=y, but depends on CRYPTO=m, selections will be also modules.
>> In random config case OID_REGISTRY, MPILIB and ASN1 became modules producing build
>> break. This patch removes asymmetric keys dependency from CRYPTO, but instead
>> selects CRYPTO and CRYPTO_HASH as they are needed.
>
> You do realise that this makes the asymmetric key config option into a
> top-level option? I think, logically, that's the wrong thing to do. They
> should still appear under the crypto menu.
>
Oops, this is not what I wanted to have.
Yes, I wanted to have still them under crypto but wanted to break dependency.
I was hurrying before starting the holidays, tested only from command line,
but did not look to menuconfig.
In overall asymmetric keys does not provide any crypto API.
Instead they provide key types... They use crypto api them in couple of places.
So it is more about "selecting" crypto.
In my opinion "entire" location of asymmetric keys under /crypto is wrong.
RSA algo may be there, but reset of the stuff can be under /keys.
-Dmitry
> Note that I think your patch is really the wrong solution. The right solution
> is to fix the configuration tools - but that's quite an undertaking.
>
> David