Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / e09287dfef280dbe9f9aa1faa7a125957e9b7fbb
commite09287dfef280dbe9f9aa1faa7a125957e9b7fbb[log] [tgz]
authorStephan Mueller <smueller@chronox.de>Tue Aug 23 10:09:32 2016 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>Wed Aug 24 21:07:10 2016 +0800
treeb6004f2e25b55f8addea90516cbe08c3dcb48df7
parent59df87c3498a34283baf185ab0396f4742acdee5 [diff]
crypto: rsa - allow keys >= 2048 bits in FIPS mode

With a public notification, NIST now allows the use of RSA keys with a
modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits
provided that either 2048 or 3072 bits are supported at least so that
the entire RSA implementation can be CAVS tested.

This patch fixes the inability to boot the kernel in FIPS mode, because
certs/x509.genkey defines a 4096 bit RSA key per default. This key causes
the RSA signature verification to fail in FIPS mode without the patch
below.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 file changed
tree: b6004f2e25b55f8addea90516cbe08c3dcb48df7
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS