Commit 1ce1bacc authored by Stephan Müller, committed by Herbert Xu

crypto: rsa - limit key size to 2048 in FIPS mode



FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should
consider the enforcement of this limit.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent 552d03a2
+4 −0
@@ -5,6 +5,7 @@
 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
 */

#include <linux/fips.h>
#include <linux/module.h>
#include <linux/mpi.h>
#include <crypto/internal/rsa.h>
@@ -144,6 +145,9 @@ static int rsa_check_key_length(unsigned int len)
	case 512:
	case 1024:
	case 1536:
		if (fips_enabled)
			return -EINVAL;
		fallthrough;
	case 2048:
	case 3072:
	case 4096:
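
Review bot: the new "if (fips_enabled) return -EINVAL;" under "case 1536:" carries no comment explaining why 512, 1024 and 1536 are rejected. The commit subject ("limit key size to 2048") can be read as a maximum, so a one-line comment above the check stating that FIPS requires RSA keys of at least 2048 bits would make the intent unambiguous. Two further points on the same lines: rsa_check_key_length() receives only len, so the rejection applies identically to every operation that goes through this check and cannot distinguish between uses of the key; if that is intended, say so in the commit message. And the bare -EINVAL gives the caller no hint that FIPS mode is the reason the key was refused, so consider documenting this return path in the function's comment so that a failure on a FIPS-enabled system can be diagnosed from the code.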