linux-crypto.vger.kernel.org archive mirror
* [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support
@ 2023-10-22 18:22 Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 1/6] x509: Add OIDs for FIPS 202 SHA-3 hash and signatures Dimitri John Ledkov
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: Dimitri John Ledkov @ 2023-10-22 18:22 UTC (permalink / raw)
  To: herbert; +Cc: linux-crypto, linux-kernel

Recent patches to cryptodev removed support for insecure, broken or
weak x509/pkcs7 signing hashes MD4, MD5, SHA1, SHA-224. This opens
room to add SHA-3 family of hashes, which are not yet broken.

Add support for FIPS 202 SHA-3 in x509 RSA & ECC certs, pkcs7
signatures, hash info structs. And adjust documentation.

This enables using SHA-3 family of hashes for kernel module signing.

For SHA3+ECC signing openssl with this patch [0] is needed, currently
in openssl development tip. SHA3+RSA signing is supported by stable
openssl.

kmod needs a patch to recognise SHA3 hash names [1], submitted
separately.

This patch series is on top of tip of cryptodev git repository commit
a2786e8bdd ("crypto: qcom-rng - Add missing dependency on hw_random")

[0] https://github.com/openssl/openssl/pull/22147/files
[1] https://lore.kernel.org/all/20231022180928.180437-1-dimitri.ledkov@canonical.com/

Dimitri John Ledkov (6):
  x509: Add OIDs for FIPS 202 SHA-3 hash and signatures
  crypto: FIPS 202 SHA-3 register in hash info for IMA
  crypto: rsa-pkcs1pad - Add FIPS 202 SHA-3 support
  crypto: x509 pkcs7 - allow FIPS 202 SHA-3 signatures
  crypto: enable automatic module signing with FIPS 202 SHA-3
  Documentation/module-signing.txt: bring up to date

 Documentation/admin-guide/module-signing.rst | 17 ++++++++-----
 certs/Kconfig                                |  2 +-
 crypto/asymmetric_keys/mscode_parser.c       |  9 +++++++
 crypto/asymmetric_keys/pkcs7_parser.c        | 12 ++++++++++
 crypto/asymmetric_keys/public_key.c          |  5 +++-
 crypto/asymmetric_keys/x509_cert_parser.c    | 24 +++++++++++++++++++
 crypto/hash_info.c                           |  6 +++++
 crypto/rsa-pkcs1pad.c                        | 25 +++++++++++++++++++-
 crypto/testmgr.c                             | 12 ++++++++++
 include/crypto/hash_info.h                   |  1 +
 include/linux/oid_registry.h                 | 11 +++++++++
 include/uapi/linux/hash_info.h               |  3 +++
 kernel/module/Kconfig                        | 15 ++++++++++++
 13 files changed, 133 insertions(+), 9 deletions(-)

-- 
2.34.1



* [PATCH 1/6] x509: Add OIDs for FIPS 202 SHA-3 hash and signatures
  2023-10-22 18:22 [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Dimitri John Ledkov
@ 2023-10-22 18:22 ` Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 2/6] crypto: FIPS 202 SHA-3 register in hash info for IMA Dimitri John Ledkov
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Dimitri John Ledkov @ 2023-10-22 18:22 UTC (permalink / raw)
  To: herbert; +Cc: linux-crypto, linux-kernel

Add OID for FIPS 202 SHA-3 family of hash functions, RSA & ECDSA
signatures using those. Limit to 256 or larger sizes, for
interoperability reasons. 224 is too weak for any practical uses.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 include/linux/oid_registry.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 8b79e55cfc..3921fbed0b 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -129,6 +129,17 @@ enum OID {
 	OID_TPMImportableKey,		/* 2.23.133.10.1.4 */
 	OID_TPMSealedData,		/* 2.23.133.10.1.5 */
 
+	/* CSOR FIPS-202 SHA-3 */
+	OID_sha3_256,                           /* 2.16.840.1.101.3.4.2.8 */
+	OID_sha3_384,                           /* 2.16.840.1.101.3.4.2.9 */
+	OID_sha3_512,                           /* 2.16.840.1.101.3.4.2.10 */
+	OID_id_ecdsa_with_sha3_256,             /* 2.16.840.1.101.3.4.3.10 */
+	OID_id_ecdsa_with_sha3_384,             /* 2.16.840.1.101.3.4.3.11 */
+	OID_id_ecdsa_with_sha3_512,             /* 2.16.840.1.101.3.4.3.12 */
+	OID_id_rsassa_pkcs1_v1_5_with_sha3_256, /* 2.16.840.1.101.3.4.3.14 */
+	OID_id_rsassa_pkcs1_v1_5_with_sha3_384, /* 2.16.840.1.101.3.4.3.15 */
+	OID_id_rsassa_pkcs1_v1_5_with_sha3_512, /* 2.16.840.1.101.3.4.3.16 */
+
 	OID__NR
 };
 
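Review bot: the new enum entries pad the OID comments with spaces, while
the entries just above (OID_TPMImportableKey, OID_TPMSealedData) use tabs;
please align with tabs to match the rest of the file. The numbering also
jumps from 2.16.840.1.101.3.4.3.12 to .3.14 between the ECDSA and RSA
groups, so a short comment saying the 224-bit variants are left out on
purpose would save a reader from wondering whether an entry was lost.
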
-- 
2.34.1



* [PATCH 2/6] crypto: FIPS 202 SHA-3 register in hash info for IMA
  2023-10-22 18:22 [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 1/6] x509: Add OIDs for FIPS 202 SHA-3 hash and signatures Dimitri John Ledkov
@ 2023-10-22 18:22 ` Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 3/6] crypto: rsa-pkcs1pad - Add FIPS 202 SHA-3 support Dimitri John Ledkov
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Dimitri John Ledkov @ 2023-10-22 18:22 UTC (permalink / raw)
  To: herbert, David S. Miller; +Cc: linux-crypto, linux-kernel

Register FIPS 202 SHA-3 hashes in hash info for IMA and other
users. Sizes 256 and up, as 224 is too weak for any practical
purposes.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 crypto/hash_info.c             | 6 ++++++
 include/crypto/hash_info.h     | 1 +
 include/uapi/linux/hash_info.h | 3 +++
 3 files changed, 10 insertions(+)

diff --git a/crypto/hash_info.c b/crypto/hash_info.c
index a49ff96bde..9a467638c9 100644
--- a/crypto/hash_info.c
+++ b/crypto/hash_info.c
@@ -29,6 +29,9 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = {
 	[HASH_ALGO_SM3_256]	= "sm3",
 	[HASH_ALGO_STREEBOG_256] = "streebog256",
 	[HASH_ALGO_STREEBOG_512] = "streebog512",
+	[HASH_ALGO_SHA3_256]    = "sha3-256",
+	[HASH_ALGO_SHA3_384]    = "sha3-384",
+	[HASH_ALGO_SHA3_512]    = "sha3-512",
 };
 EXPORT_SYMBOL_GPL(hash_algo_name);
 
@@ -53,5 +56,8 @@ const int hash_digest_size[HASH_ALGO__LAST] = {
 	[HASH_ALGO_SM3_256]	= SM3256_DIGEST_SIZE,
 	[HASH_ALGO_STREEBOG_256] = STREEBOG256_DIGEST_SIZE,
 	[HASH_ALGO_STREEBOG_512] = STREEBOG512_DIGEST_SIZE,
+	[HASH_ALGO_SHA3_256]    = SHA3_256_DIGEST_SIZE,
+	[HASH_ALGO_SHA3_384]    = SHA3_384_DIGEST_SIZE,
+	[HASH_ALGO_SHA3_512]    = SHA3_512_DIGEST_SIZE,
 };
 EXPORT_SYMBOL_GPL(hash_digest_size);
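
Review bot: hash_algo_name[] and hash_digest_size[] use designated
initializers and are sized by HASH_ALGO__LAST, so any other table indexed
by enum hash_algo that this patch does not touch will silently hold 0 or
NULL for the three new values instead of failing to build. Please state in
the commit message which other HASH_ALGO__LAST-sized tables were checked,
or update them here.
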
diff --git a/include/crypto/hash_info.h b/include/crypto/hash_info.h
index dd4f067850..d6927739f8 100644
--- a/include/crypto/hash_info.h
+++ b/include/crypto/hash_info.h
@@ -10,6 +10,7 @@
 
 #include <crypto/sha1.h>
 #include <crypto/sha2.h>
+#include <crypto/sha3.h>
 #include <crypto/md5.h>
 #include <crypto/streebog.h>
 
diff --git a/include/uapi/linux/hash_info.h b/include/uapi/linux/hash_info.h
index 74a8609fcb..0af23ec196 100644
--- a/include/uapi/linux/hash_info.h
+++ b/include/uapi/linux/hash_info.h
@@ -35,6 +35,9 @@ enum hash_algo {
 	HASH_ALGO_SM3_256,
 	HASH_ALGO_STREEBOG_256,
 	HASH_ALGO_STREEBOG_512,
+	HASH_ALGO_SHA3_256,
+	HASH_ALGO_SHA3_384,
+	HASH_ALGO_SHA3_512,
 	HASH_ALGO__LAST
 };
 
-- 
2.34.1



* [PATCH 3/6] crypto: rsa-pkcs1pad - Add FIPS 202 SHA-3 support
  2023-10-22 18:22 [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 1/6] x509: Add OIDs for FIPS 202 SHA-3 hash and signatures Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 2/6] crypto: FIPS 202 SHA-3 register in hash info for IMA Dimitri John Ledkov
@ 2023-10-22 18:22 ` Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 4/6] crypto: x509 pkcs7 - allow FIPS 202 SHA-3 signatures Dimitri John Ledkov
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Dimitri John Ledkov @ 2023-10-22 18:22 UTC (permalink / raw)
  To: herbert, David S. Miller, Maxime Coquelin, Alexandre Torgue
  Cc: linux-crypto, linux-kernel, linux-stm32, linux-arm-kernel

Add support in rsa-pkcs1pad for FIPS 202 SHA-3 hashes, sizes 256 and
up. As 224 is too weak for any practical purposes.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 crypto/rsa-pkcs1pad.c | 25 ++++++++++++++++++++++++-
 crypto/testmgr.c      | 12 ++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index d2e5e104f8..e32e497d29 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -61,6 +61,24 @@ static const u8 rsa_digest_info_sha512[] = {
 	0x05, 0x00, 0x04, 0x40
 };
 
+static const u8 rsa_digest_info_sha3_256[] = {
+	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
+	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08,
+	0x05, 0x00, 0x04, 0x20
+};
+
+static const u8 rsa_digest_info_sha3_384[] = {
+	0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
+	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09,
+	0x05, 0x00, 0x04, 0x30
+};
+
+static const u8 rsa_digest_info_sha3_512[] = {
+	0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
+	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0A,
+	0x05, 0x00, 0x04, 0x40
+};
+
 static const struct rsa_asn1_template {
 	const char	*name;
 	const u8	*data;
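
Review bot: rsa_digest_info_sha3_512 writes the last OID byte as 0x0A
while every other byte in the three new templates is lower-case hex;
please use 0x0a. A one-line comment above the templates giving the encoded
OIDs (2.16.840.1.101.3.4.2.8 to .10, as listed in patch 1) would also make
the byte strings checkable at a glance.
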
@@ -74,8 +92,13 @@ static const struct rsa_asn1_template {
 	_(sha384),
 	_(sha512),
 	_(sha224),
-	{ NULL }
 #undef _
+#define _(X) { "sha3-" #X, rsa_digest_info_sha3_##X, sizeof(rsa_digest_info_sha3_##X) }
+	_(256),
+	_(384),
+	_(512),
+#undef _
+	{ NULL }
 };
 
 static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name)
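
Review bot: _() is redefined inside the same initializer with a different
expansion (it now prepends "sha3-" and takes a bare size such as 256),
which is easy to misread right below the _(sha512) style entries. A
separately named macro, or three explicit entries, would be clearer. Since
rsa_lookup_asn1() matches on the name field, the commit message should
also say that "sha3-256" and friends are the exact hash names it will be
called with.
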
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 54135c7610..a074430223 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5468,6 +5468,18 @@ static const struct alg_test_desc alg_test_descs[] = {
 		.alg = "pkcs1pad(rsa,sha512)",
 		.test = alg_test_null,
 		.fips_allowed = 1,
+	}, {
+		.alg = "pkcs1pad(rsa,sha3-256)",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+	}, {
+		.alg = "pkcs1pad(rsa,sha3-384)",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+	}, {
+		.alg = "pkcs1pad(rsa,sha3-512)",
+		.test = alg_test_null,
+		.fips_allowed = 1,
 	}, {
 		.alg = "poly1305",
 		.test = alg_test_hash,
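
Review bot: the three new entries are placed after "pkcs1pad(rsa,sha512)",
but alg_test_descs[] has to stay sorted by .alg because it is searched
with a binary search. By strcmp() order "pkcs1pad(rsa,sha3-256)" sorts
after "pkcs1pad(rsa,sha256)" and before both "pkcs1pad(rsa,sha384)" and
"pkcs1pad(rsa,sha512)" ('3' < '5', and '-' < '8'), so the block should
move up to sit between the sha256 and sha384 entries. Separately, all
three are marked .fips_allowed = 1 with .test = alg_test_null; if that
mirrors the existing pkcs1pad entries on purpose, please say so.
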
-- 
2.34.1



* [PATCH 4/6] crypto: x509 pkcs7 - allow FIPS 202 SHA-3 signatures
  2023-10-22 18:22 [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Dimitri John Ledkov
                   ` (2 preceding siblings ...)
  2023-10-22 18:22 ` [PATCH 3/6] crypto: rsa-pkcs1pad - Add FIPS 202 SHA-3 support Dimitri John Ledkov
@ 2023-10-22 18:22 ` Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 5/6] crypto: enable automatic module signing with FIPS 202 SHA-3 Dimitri John Ledkov
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Dimitri John Ledkov @ 2023-10-22 18:22 UTC (permalink / raw)
  To: herbert, David Howells, David S. Miller
  Cc: linux-crypto, linux-kernel, keyrings

Add FIPS 202 SHA-3 hash signature support in x509 certificates, pkcs7
signatures, and authenticode signatures. Supports hashes of size 256
and up, as 224 is too weak for any practical purposes.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 crypto/asymmetric_keys/mscode_parser.c    |  9 +++++++++
 crypto/asymmetric_keys/pkcs7_parser.c     | 12 ++++++++++++
 crypto/asymmetric_keys/public_key.c       |  5 ++++-
 crypto/asymmetric_keys/x509_cert_parser.c | 24 +++++++++++++++++++++++
 4 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
index 855cbc46a9..05402ef896 100644
--- a/crypto/asymmetric_keys/mscode_parser.c
+++ b/crypto/asymmetric_keys/mscode_parser.c
@@ -84,6 +84,15 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
 	case OID_sha512:
 		ctx->digest_algo = "sha512";
 		break;
+	case OID_sha3_256:
+		ctx->digest_algo = "sha3-256";
+		break;
+	case OID_sha3_384:
+		ctx->digest_algo = "sha3-384";
+		break;
+	case OID_sha3_512:
+		ctx->digest_algo = "sha3-512";
+		break;
 
 	case OID__NR:
 		sprint_oid(value, vlen, buffer, sizeof(buffer));
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index ab647cb4d7..5b08c50722 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -248,6 +248,15 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
 	case OID_gost2012Digest512:
 		ctx->sinfo->sig->hash_algo = "streebog512";
 		break;
+	case OID_sha3_256:
+		ctx->sinfo->sig->hash_algo = "sha3-256";
+		break;
+	case OID_sha3_384:
+		ctx->sinfo->sig->hash_algo = "sha3-384";
+		break;
+	case OID_sha3_512:
+		ctx->sinfo->sig->hash_algo = "sha3-512";
+		break;
 	default:
 		printk("Unsupported digest algo: %u\n", ctx->last_oid);
 		return -ENOPKG;
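
Review bot: the "sha3-256", "sha3-384" and "sha3-512" literals assigned
here are typed out again in mscode_parser.c, x509_cert_parser.c and the
public_key.c allow-list in this same patch, so a typo in any one copy
would only surface as a verification failure at run time. A shared
OID-to-hash-name helper would keep the parsers from drifting apart; if
that is out of scope for this series, a note in the commit message about
the spelling dependency would help.
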
@@ -273,6 +282,9 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
 	case OID_id_ecdsa_with_sha256:
 	case OID_id_ecdsa_with_sha384:
 	case OID_id_ecdsa_with_sha512:
+	case OID_id_ecdsa_with_sha3_256:
+	case OID_id_ecdsa_with_sha3_384:
+	case OID_id_ecdsa_with_sha3_512:
 		ctx->sinfo->sig->pkey_algo = "ecdsa";
 		ctx->sinfo->sig->encoding = "x962";
 		break;
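
Review bot: only the three ECDSA SHA-3 OIDs are added to
pkcs7_sig_note_pkey_algo() here, while patch 1 also defines
OID_id_rsassa_pkcs1_v1_5_with_sha3_{256,384,512} and x509_note_sig_algo()
in this patch accepts them. Is a PKCS#7 signerInfo that carries one of
those RSA OIDs as its signature algorithm expected to be rejected, or
should they be added to the RSA case as well? Either way the commit
message should say which.
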
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 5bf0452c17..8eeab38a3d 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -119,7 +119,10 @@ software_key_determine_akcipher(const struct public_key *pkey,
 		if (strcmp(hash_algo, "sha224") != 0 &&
 		    strcmp(hash_algo, "sha256") != 0 &&
 		    strcmp(hash_algo, "sha384") != 0 &&
-		    strcmp(hash_algo, "sha512") != 0)
+		    strcmp(hash_algo, "sha512") != 0 &&
+		    strcmp(hash_algo, "sha3-256") != 0 &&
+		    strcmp(hash_algo, "sha3-384") != 0 &&
+		    strcmp(hash_algo, "sha3-512") != 0)
 			return -EINVAL;
 	} else if (strcmp(pkey->pkey_algo, "sm2") == 0) {
 		if (strcmp(encoding, "raw") != 0)
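
Review bot: the hash allow-list in this branch is now seven chained
strcmp() calls. A small static array of accepted names checked with
match_string() would be easier to audit and to extend next time. The
unchanged first line of the chain still accepts "sha224", which the cover
letter lists among the hashes recently dropped for x509/pkcs7 signing;
worth confirming that it is meant to stay here.
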
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 68ef1ffbbe..487204d394 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -214,6 +214,18 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
 		ctx->cert->sig->hash_algo = "sha224";
 		goto rsa_pkcs1;
 
+	case OID_id_rsassa_pkcs1_v1_5_with_sha3_256:
+		ctx->cert->sig->hash_algo = "sha3-256";
+		goto rsa_pkcs1;
+
+	case OID_id_rsassa_pkcs1_v1_5_with_sha3_384:
+		ctx->cert->sig->hash_algo = "sha3-384";
+		goto rsa_pkcs1;
+
+	case OID_id_rsassa_pkcs1_v1_5_with_sha3_512:
+		ctx->cert->sig->hash_algo = "sha3-512";
+		goto rsa_pkcs1;
+
 	case OID_id_ecdsa_with_sha224:
 		ctx->cert->sig->hash_algo = "sha224";
 		goto ecdsa;
@@ -230,6 +242,18 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
 		ctx->cert->sig->hash_algo = "sha512";
 		goto ecdsa;
 
+	case OID_id_ecdsa_with_sha3_256:
+		ctx->cert->sig->hash_algo = "sha3-256";
+		goto ecdsa;
+
+	case OID_id_ecdsa_with_sha3_384:
+		ctx->cert->sig->hash_algo = "sha3-384";
+		goto ecdsa;
+
+	case OID_id_ecdsa_with_sha3_512:
+		ctx->cert->sig->hash_algo = "sha3-512";
+		goto ecdsa;
+
 	case OID_gost2012Signature256:
 		ctx->cert->sig->hash_algo = "streebog256";
 		goto ecrdsa;
-- 
2.34.1



* [PATCH 5/6] crypto: enable automatic module signing with FIPS 202 SHA-3
  2023-10-22 18:22 [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Dimitri John Ledkov
                   ` (3 preceding siblings ...)
  2023-10-22 18:22 ` [PATCH 4/6] crypto: x509 pkcs7 - allow FIPS 202 SHA-3 signatures Dimitri John Ledkov
@ 2023-10-22 18:22 ` Dimitri John Ledkov
  2023-10-22 18:22 ` [PATCH 6/6] Documentation/module-signing.txt: bring up to date Dimitri John Ledkov
  2023-10-27 10:57 ` [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Herbert Xu
  6 siblings, 0 replies; 8+ messages in thread
From: Dimitri John Ledkov @ 2023-10-22 18:22 UTC (permalink / raw)
  To: herbert, David Howells, David Woodhouse, Luis Chamberlain
  Cc: linux-crypto, linux-kernel, keyrings, linux-modules

Add Kconfig options to use SHA-3 for kernel module signing. 256 size
for RSA only, and higher sizes for RSA and NIST P-384.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 certs/Kconfig         |  2 +-
 kernel/module/Kconfig | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/certs/Kconfig b/certs/Kconfig
index 84582de66b..69d192a32d 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -30,7 +30,7 @@ config MODULE_SIG_KEY_TYPE_RSA
 config MODULE_SIG_KEY_TYPE_ECDSA
 	bool "ECDSA"
 	select CRYPTO_ECDSA
-	depends on MODULE_SIG_SHA384 || MODULE_SIG_SHA512
+	depends on !(MODULE_SIG_SHA256 || MODULE_SIG_SHA3_256)
 	help
 	 Use an elliptic curve key (NIST P384) for module signing. Use
 	 a strong hash of same or higher bit length, i.e. sha384 or
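
Review bot: the dependency for MODULE_SIG_KEY_TYPE_ECDSA changes from an
allow-list (MODULE_SIG_SHA384 || MODULE_SIG_SHA512) to a deny-list,
!(MODULE_SIG_SHA256 || MODULE_SIG_SHA3_256), so any hash option added to
the choice later is accepted with the P-384 key by default. Listing the
four accepted options explicitly would keep the stated rule (a hash of the
same or higher bit length) enforced by construction. The help text in the
context lines still reads "i.e. sha384 or" and is not updated; it should
mention the SHA-3 options as well.
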
diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
index 9d7d45525f..0ea1b2970a 100644
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@@ -248,6 +248,18 @@ config MODULE_SIG_SHA512
 	bool "Sign modules with SHA-512"
 	select CRYPTO_SHA512
 
+config MODULE_SIG_SHA3_256
+	bool "Sign modules with SHA3-256"
+	select CRYPTO_SHA3
+
+config MODULE_SIG_SHA3_384
+	bool "Sign modules with SHA3-384"
+	select CRYPTO_SHA3
+
+config MODULE_SIG_SHA3_512
+	bool "Sign modules with SHA3-512"
+	select CRYPTO_SHA3
+
 endchoice
 
 config MODULE_SIG_HASH
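
Review bot: the three new MODULE_SIG_SHA3_* options have no help text. The
cover letter says SHA3+ECC signing needs an OpenSSL change that is only in
the development tip and that kmod needs a separate patch to recognise the
SHA3 hash names; a short help paragraph stating those userspace
requirements would keep someone from selecting a hash their toolchain
cannot sign with or inspect.
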
@@ -256,6 +268,9 @@ config MODULE_SIG_HASH
 	default "sha256" if MODULE_SIG_SHA256
 	default "sha384" if MODULE_SIG_SHA384
 	default "sha512" if MODULE_SIG_SHA512
+	default "sha3-256" if MODULE_SIG_SHA3_256
+	default "sha3-384" if MODULE_SIG_SHA3_384
+	default "sha3-512" if MODULE_SIG_SHA3_512
 
 choice
 	prompt "Module compression mode"
-- 
2.34.1



* [PATCH 6/6] Documentation/module-signing.txt: bring up to date
  2023-10-22 18:22 [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Dimitri John Ledkov
                   ` (4 preceding siblings ...)
  2023-10-22 18:22 ` [PATCH 5/6] crypto: enable automatic module signing with FIPS 202 SHA-3 Dimitri John Ledkov
@ 2023-10-22 18:22 ` Dimitri John Ledkov
  2023-10-27 10:57 ` [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Herbert Xu
  6 siblings, 0 replies; 8+ messages in thread
From: Dimitri John Ledkov @ 2023-10-22 18:22 UTC (permalink / raw)
  To: herbert, David Howells, David Woodhouse, Jonathan Corbet
  Cc: linux-crypto, linux-kernel, keyrings, linux-doc

Update the documentation to mention that ECC NIST P-384 automatic
keypair generation is available to use ECDSA signature type, in
addition to the RSA.

Drop mentions of the now removed SHA-1 and SHA-224 options.

Add the just added FIPS 202 SHA-3 module signature hashes.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 Documentation/admin-guide/module-signing.rst | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
index 2898b27032..a8667a7774 100644
--- a/Documentation/admin-guide/module-signing.rst
+++ b/Documentation/admin-guide/module-signing.rst
@@ -28,10 +28,10 @@ trusted userspace bits.
 
 This facility uses X.509 ITU-T standard certificates to encode the public keys
 involved.  The signatures are not themselves encoded in any industrial standard
-type.  The facility currently only supports the RSA public key encryption
-standard (though it is pluggable and permits others to be used).  The possible
-hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
-SHA-512 (the algorithm is selected by data in the signature).
+type.  The built-in facility currently only supports the RSA & NIST P-384 ECDSA
+public key signing standard (though it is pluggable and permits others to be
+used).  The possible hash algorithms that can be used are SHA-2 and SHA-3 of
+sizes 256, 384, and 512 (the algorithm is selected by data in the signature).
 
 
 ==========================
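
Review bot: in the rewritten sentence, "only supports the RSA & NIST P-384
ECDSA public key signing standard" names two schemes, so "standards"
should be plural, and "SHA-2 and SHA-3 of sizes 256, 384, and 512" would
read better as "SHA-2 and SHA-3 with digest sizes of 256, 384 and 512
bits". The subject line also says module-signing.txt while the file
touched is module-signing.rst.
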
@@ -81,11 +81,12 @@ This has a number of options available:
      sign the modules with:
 
         =============================== ==========================================
-	``CONFIG_MODULE_SIG_SHA1``	:menuselection:`Sign modules with SHA-1`
-	``CONFIG_MODULE_SIG_SHA224``	:menuselection:`Sign modules with SHA-224`
 	``CONFIG_MODULE_SIG_SHA256``	:menuselection:`Sign modules with SHA-256`
 	``CONFIG_MODULE_SIG_SHA384``	:menuselection:`Sign modules with SHA-384`
 	``CONFIG_MODULE_SIG_SHA512``	:menuselection:`Sign modules with SHA-512`
+	``CONFIG_MODULE_SIG_SHA3_256``	:menuselection:`Sign modules with SHA3-256`
+	``CONFIG_MODULE_SIG_SHA3_384``	:menuselection:`Sign modules with SHA3-384`
+	``CONFIG_MODULE_SIG_SHA3_512``	:menuselection:`Sign modules with SHA3-512`
         =============================== ==========================================
 
      The algorithm selected here will also be built into the kernel (rather
@@ -145,6 +146,10 @@ into vmlinux) using parameters in the::
 
 file (which is also generated if it does not already exist).
 
+One can select between RSA (``MODULE_SIG_KEY_TYPE_RSA``) and ECDSA
+(``MODULE_SIG_KEY_TYPE_ECDSA``) to generate either RSA 4k or NIST
+P-384 keypair.
+
 It is strongly recommended that you provide your own x509.genkey file.
 
 Most notably, in the x509.genkey file, the req_distinguished_name section
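
Review bot: the added paragraph names the options as
``MODULE_SIG_KEY_TYPE_RSA`` and ``MODULE_SIG_KEY_TYPE_ECDSA`` without the
CONFIG_ prefix that the option table earlier in this file uses
(``CONFIG_MODULE_SIG_SHA256`` and so on); please add it for consistency.
"to generate either RSA 4k or NIST P-384 keypair" is also missing its
articles: "either an RSA 4k or a NIST P-384 keypair".
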
-- 
2.34.1



* Re: [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support
  2023-10-22 18:22 [PATCH 0/6] crypto: pkcs7 x509 add FIPS 202 SHA-3 support Dimitri John Ledkov
                   ` (5 preceding siblings ...)
  2023-10-22 18:22 ` [PATCH 6/6] Documentation/module-signing.txt: bring up to date Dimitri John Ledkov
@ 2023-10-27 10:57 ` Herbert Xu
  6 siblings, 0 replies; 8+ messages in thread
From: Herbert Xu @ 2023-10-27 10:57 UTC (permalink / raw)
  To: Dimitri John Ledkov; +Cc: linux-crypto, linux-kernel

On Sun, Oct 22, 2023 at 07:22:02PM +0100, Dimitri John Ledkov wrote:
> Recent patches to cryptodev removed support for insecure, broken or
> weak x509/pkcs7 signing hashes MD4, MD5, SHA1, SHA-224. This opens
> room to add SHA-3 family of hashes, which are not yet broken.
> 
> Add support for FIPS 202 SHA-3 in x509 RSA & ECC certs, pkcs7
> signatures, hash info structs. And adjust documentation.
> 
> This enables using SHA-3 family of hashes for kernel module signing.
> 
> For SHA3+ECC signing openssl with this patch [0] is needed, currently
> in openssl development tip. SHA3+RSA signing is supported by stable
> openssl.
> 
> kmod needs a patch to recognise SHA3 hash names [1], submitted
> separately.
> 
> This patch series is on top of tip of cryptodev git repository commit
> a2786e8bdd ("crypto: qcom-rng - Add missing dependency on hw_random")
> 
> [0] https://github.com/openssl/openssl/pull/22147/files
> [1] https://lore.kernel.org/all/20231022180928.180437-1-dimitri.ledkov@canonical.com/
> 
> Dimitri John Ledkov (6):
>   x509: Add OIDs for FIPS 202 SHA-3 hash and signatures
>   crypto: FIPS 202 SHA-3 register in hash info for IMA
>   crypto: rsa-pkcs1pad - Add FIPS 202 SHA-3 support
>   crypto: x509 pkcs7 - allow FIPS 202 SHA-3 signatures
>   crypto: enable automatic module signing with FIPS 202 SHA-3
>   Documentation/module-signing.txt: bring up to date
> 
>  Documentation/admin-guide/module-signing.rst | 17 ++++++++-----
>  certs/Kconfig                                |  2 +-
>  crypto/asymmetric_keys/mscode_parser.c       |  9 +++++++
>  crypto/asymmetric_keys/pkcs7_parser.c        | 12 ++++++++++
>  crypto/asymmetric_keys/public_key.c          |  5 +++-
>  crypto/asymmetric_keys/x509_cert_parser.c    | 24 +++++++++++++++++++
>  crypto/hash_info.c                           |  6 +++++
>  crypto/rsa-pkcs1pad.c                        | 25 +++++++++++++++++++-
>  crypto/testmgr.c                             | 12 ++++++++++
>  include/crypto/hash_info.h                   |  1 +
>  include/linux/oid_registry.h                 | 11 +++++++++
>  include/uapi/linux/hash_info.h               |  3 +++
>  kernel/module/Kconfig                        | 15 ++++++++++++
>  13 files changed, 133 insertions(+), 9 deletions(-)
> 
> -- 
> 2.34.1

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
