linux_dsm_epyc7002/crypto
Stephan Mueller e09287dfef crypto: rsa - allow keys >= 2048 bits in FIPS mode
With a public notification, NIST now allows the use of RSA keys with a
modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits
provided that either 2048 or 3072 bits are supported at least so that
the entire RSA implementation can be CAVS tested.

This patch fixes the inability to boot the kernel in FIPS mode, because
certs/x509.genkey defines a 4096 bit RSA key per default. This key causes
the RSA signature verification to fail in FIPS mode without the patch
below.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-08-24 21:07:10 +08:00
..
asymmetric_keys KEYS: Fix for erroneous trust of incorrectly signed X.509 certs 2016-07-18 12:19:47 +10:00
async_tx mm/page_ref: add tracepoint to track down page reference manipulation 2016-03-17 15:09:34 -07:00
.gitignore crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files 2015-06-25 23:29:24 +08:00
842.c crypto: 842 - change 842 alg to use software 2015-05-11 15:06:43 +08:00
ablk_helper.c crypto: ablk_helper - Fix cryptd reordering 2016-06-23 18:29:53 +08:00
ablkcipher.c crypto: skcipher - Remove top-level givcipher interface 2016-07-18 17:35:46 +08:00
aead.c crypto: aead - Remove blkcipher null for IV generators 2016-07-18 17:35:43 +08:00
aes_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
af_alg.c crypto: af_alg - Forbid bind(2) when nokey child sockets are present 2016-01-18 18:16:33 +08:00
ahash.c crypto: ahash - Add padding in crypto_ahash_extsize 2016-07-01 23:45:03 +08:00
akcipher.c crypto: akcipher - add akcipher declarations needed by templates. 2015-12-09 20:03:57 +08:00
algapi.c crypto: api - Add crypto_inst_setname 2016-07-01 23:45:11 +08:00
algboss.c crypto: algboss - Remove reference to nivaead 2015-08-17 16:53:41 +08:00
algif_aead.c crypto: af_alg - add async support to algif_aead 2016-04-05 20:35:41 +08:00
algif_hash.c crypto: algif_hash - wait for crypto_ahash_init() to complete 2016-01-30 22:05:15 +08:00
algif_rng.c crypto: algif_rng - Remove obsolete const-removal cast 2015-04-22 09:30:21 +08:00
algif_skcipher.c crypto: algif_skcipher - Do not set MAY_BACKLOG on the async path 2016-02-06 15:23:55 +08:00
ansi_cprng.c crypto: ansi_cprng - Convert to new rng interface 2015-04-22 09:30:18 +08:00
anubis.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
api.c crypto: api - Only abort operations on fatal signal 2015-10-20 21:59:25 +08:00
arc4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
authenc.c crypto: authenc - Use skcipher 2016-07-18 17:35:38 +08:00
authencesn.c crypto: authencesn - Use skcipher 2016-07-18 17:35:39 +08:00
blkcipher.c crypto: skcipher - Remove top-level givcipher interface 2016-07-18 17:35:46 +08:00
blowfish_common.c crypto: blowfish - split generic and common c code 2011-09-22 21:25:25 +10:00
blowfish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
camellia_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast5_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast6_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast_common.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
cbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
ccm.c crypto: ccm - Use skcipher 2016-07-18 17:35:40 +08:00
chacha20_generic.c random: replace non-blocking pool with a Chacha20-based CRNG 2016-07-03 00:57:23 -04:00
chacha20poly1305.c crypto: chacha20poly1305 - Use skcipher 2016-07-18 17:35:41 +08:00
cipher.c crypto: cipher - Fix checkpatch errors 2010-02-16 20:31:37 +08:00
cmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
compress.c crypto: compress - Fix checkpatch errors 2010-02-16 20:31:04 +08:00
crc32_generic.c crypto: crc32 - Rename generic implementation 2016-01-30 22:11:22 +08:00
crc32c_generic.c crypto: crc32c - Fix crc32c soft dependency 2016-01-19 15:52:10 +08:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cryptd.c crypto: cryptd - Add helpers to check whether a tfm is queued 2016-06-23 18:29:52 +08:00
crypto_engine.c crypto: engine - Introduce the block request crypto engine framework 2016-02-01 22:27:02 +08:00
crypto_null.c crypto: null - Remove default null blkcipher 2016-07-18 17:35:44 +08:00
crypto_user.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-07-21 12:26:55 +08:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-03-21 21:54:28 +08:00
ctr.c crypto: ctr - Use skcipher in rfc3686 2016-07-18 17:35:39 +08:00
cts.c crypto: cts - Convert to skcipher 2016-07-18 17:35:44 +08:00
deflate.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
des_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
dh_helper.c crypto: dh - Add DH software implementation 2016-06-23 18:29:56 +08:00
dh.c crypto: rsa - Generate fixed-length output 2016-07-01 23:45:18 +08:00
drbg.c crypto: drbg - fix error return code 2016-08-24 21:04:49 +08:00
ecb.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
ecc_curve_defs.h crypto: ecdh - Add ECDH software support 2016-06-23 18:29:57 +08:00
ecc.c crypto: ecdh - make ecdh_shared_secret unique 2016-06-24 21:24:59 +08:00
ecc.h crypto: ecdh - make ecdh_shared_secret unique 2016-06-24 21:24:59 +08:00
ecdh_helper.c crypto: ecdh - Add ECDH software support 2016-06-23 18:29:57 +08:00
ecdh.c crypto: ecdh - make ecdh_shared_secret unique 2016-06-24 21:24:59 +08:00
echainiv.c crypto: echainiv - Use skcipher 2016-07-18 17:35:42 +08:00
fcrypt.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
fips.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
gcm.c crypto: gcm - Use skcipher 2016-07-18 17:35:40 +08:00
gf128mul.c crypto: gf128mul - fix call to memset() 2011-07-08 17:21:21 +08:00
ghash-generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
hash_info.c keys, trusted: select hash algorithm for TPM2 chips 2015-12-20 15:27:12 +02:00
hmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
internal.h crypto: api - Add crypto_type_has_alg helper 2016-01-25 22:42:12 +08:00
jitterentropy-kcapi.c crypto: jitterentropy - use ktime_get_ns as fallback 2016-06-24 21:24:58 +08:00
jitterentropy.c crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" 2015-06-25 23:18:33 +08:00
Kconfig crypto: powerpc - CRYPT_CRC32C_VPMSUM should depend on ALTIVEC 2016-08-09 18:25:09 +08:00
keywrap.c crypto: keywrap - memzero the correct memory 2016-02-01 22:27:05 +08:00
khazad.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
kpp.c crypto: kpp - Key-agreement Protocol Primitives API (KPP) 2016-06-23 18:29:56 +08:00
lrw.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
lz4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lz4hc.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lzo.c crypto: lzo - get rid of superfluous __GFP_REPEAT 2016-04-15 22:36:36 +08:00
Makefile crypto: skcipher - Remove top-level givcipher interface 2016-07-18 17:35:46 +08:00
mcryptd.c crypto: sha1-mb - async implementation for sha1-mb 2016-06-23 18:29:55 +08:00
md4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
md5.c crypto: hash - add zero length message hash for shax and md5 2015-12-22 20:43:35 +08:00
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
pcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
pcrypt.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
poly1305_generic.c crypto: poly1305 - Export common Poly1305 helpers 2015-07-17 21:20:26 +08:00
proc.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
ripemd.h [CRYPTO] ripemd: Put all common RIPEMD values in header file 2008-07-10 20:35:12 +08:00
rmd128.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd160.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd256.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd320.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rng.c crypto: rng - Do not free default RNG when it becomes unused 2015-06-22 15:49:18 +08:00
rsa_helper.c crypto: rsa - allow keys >= 2048 bits in FIPS mode 2016-08-24 21:07:10 +08:00
rsa-pkcs1pad.c crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct 2016-07-22 17:58:21 +08:00
rsa.c crypto: rsa - Generate fixed-length output 2016-07-01 23:45:18 +08:00
rsaprivkey.asn1 crypto: rsa - Store rest of the private key components 2016-07-05 23:05:26 +08:00
rsapubkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
salsa20_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
scatterwalk.c crypto: scatterwalk - Inline start/map/done 2016-07-18 17:35:50 +08:00
seed.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
seqiv.c crypto: skcipher - Remove top-level givcipher interface 2016-07-18 17:35:46 +08:00
serpent_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
sha1_generic.c crypto: hash - add zero length message hash for shax and md5 2015-12-22 20:43:35 +08:00
sha3_generic.c crypto: sha3 - Add missing ULL suffixes for 64-bit constants 2016-08-08 23:43:46 +08:00
sha256_generic.c crypto: hash - add zero length message hash for shax and md5 2015-12-22 20:43:35 +08:00
sha512_generic.c crypto: sha512-generic - move to generic glue implementation 2015-04-10 21:39:41 +08:00
shash.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-03-17 11:22:54 -07:00
skcipher.c crypto: skcipher - Remove top-level givcipher interface 2016-07-18 17:35:46 +08:00
tcrypt.c crypto: sha3 - Add HMAC-SHA3 test modes and test vectors 2016-07-01 23:45:24 +08:00
tcrypt.h crypto: tcrypt - Add ChaCha20/Poly1305 speed tests 2015-07-17 21:20:20 +08:00
tea.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
testmgr.c crypto: testmgr - fix !x==y confusion 2016-08-09 18:47:19 +08:00
testmgr.h crypto: testmgr - Add 4K private key to RSA testvector 2016-07-05 23:05:27 +08:00
tgr192.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
twofish_common.c crypto: twofish-x86_64-3way - add lrw support 2011-11-09 11:53:32 +08:00
twofish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
vmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
wp512.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
xcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
xor.c crypto: xor - skip speed test if the xor function is selected automatically 2016-08-24 21:04:48 +08:00
xts.c crypto: xts - fix a little typo 2016-08-16 17:16:49 +08:00