linux/certs
Dimitri John Ledkov d4f5bfe20d certs: Limit MODULE_SIG_KEY_TYPE_ECDSA to SHA384 or SHA512
NIST FIPS 186-5 states that it is recommended that the security
strength associated with the bit length of n and the security strength
of the hash function be the same, or higher upon agreement. Given NIST
P384 curve is used, force using either SHA384 or SHA512.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-10-20 13:39:26 +08:00
..
.gitignore certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build 2022-06-15 21:52:32 +03:00
blacklist_hashes.c certs: unify blacklist_hashes.c and blacklist_nohashes.c 2022-07-27 21:17:59 +09:00
blacklist.c certs: don't try to update blacklist keys 2023-02-13 10:11:20 +02:00
blacklist.h certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-03-11 16:31:28 +00:00
check-blacklist-hashes.awk certs: move scripts/check-blacklist-hashes.awk to certs/ 2022-07-27 21:17:59 +09:00
default_x509.genkey certs: check-in the default x509 config file 2021-12-11 22:09:14 +09:00
extract-cert.c kbuild: do not print extra logs for V=2 2023-01-22 23:43:32 +09:00
Kconfig certs: Limit MODULE_SIG_KEY_TYPE_ECDSA to SHA384 or SHA512 2023-10-20 13:39:26 +08:00
Makefile certs: Fix build error when PKCS#11 URI contains semicolon 2023-01-31 17:53:01 +09:00
revocation_certificates.S certs: Add ability to preload revocation certs 2021-03-11 16:33:49 +00:00
system_certificates.S certs: include certs/signing_key.x509 unconditionally 2022-03-03 08:16:19 +09:00
system_keyring.c certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00