crypto: rsa - limit key size to 2048 in FIPS mode
FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should consider the enforcement of this limit. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent
552d03a223
commit
1ce1bacc48
|
@ -5,6 +5,7 @@
|
|||
* Authors: Tadeusz Struk <tadeusz.struk@intel.com>
|
||||
*/
|
||||
|
||||
#include <linux/fips.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/mpi.h>
|
||||
#include <crypto/internal/rsa.h>
|
||||
|
@ -144,6 +145,9 @@ static int rsa_check_key_length(unsigned int len)
|
|||
case 512:
|
||||
case 1024:
|
||||
case 1536:
|
||||
if (fips_enabled)
|
||||
return -EINVAL;
|
||||
fallthrough;
|
||||
case 2048:
|
||||
case 3072:
|
||||
case 4096:
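Review bot: The new `if (fips_enabled) return -EINVAL;` under `case 1536:` has no comment saying why 512/1024/1536 are refused, and it returns the same errno that an unsupported length presumably gets from the default path outside this hunk, so a caller cannot tell a FIPS policy rejection from a malformed key. I would add `/* FIPS mode: RSA moduli below 2048 bits are not approved */` directly above the check. Since rsa_check_key_length() is presumably reached from both public-key and private-key setup (the callers are not visible here), it is worth confirming that refusing small keys for verification as well as signing is intended, and that any self-test vectors using smaller keys are skipped in FIPS mode. The function's body starts and ends outside the hunk.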
|
||||
|
|