crypto: rsa - limit key size to 2048 in FIPS mode

FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should
consider the enforcement of this limit.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Stephan Müller 2021-11-21 15:31:27 +01:00 committed by Herbert Xu
parent 552d03a223
commit 1ce1bacc48
1 changed files with 4 additions and 0 deletions

View File

@ -5,6 +5,7 @@
* Authors: Tadeusz Struk <tadeusz.struk@intel.com>
*/
#include <linux/fips.h>
#include <linux/module.h>
#include <linux/mpi.h>
#include <crypto/internal/rsa.h>
@ -144,6 +145,9 @@ static int rsa_check_key_length(unsigned int len)
case 512:
case 1024:
case 1536:
if (fips_enabled)
return -EINVAL;
fallthrough;
case 2048:
case 3072:
case 4096: