diff options
author | Stephan Müller <smueller@chronox.de> | 2021-11-21 15:31:27 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2021-11-26 16:25:18 +1100 |
commit | e2352da3a91a315033f44644c5038ed566d90a21 (patch) | |
tree | 00cdd9a8cff3547624eef16156d5af8dd9d91a52 | |
parent | 4e848b73c03235292e6c6dd7f6d641fcb741a69b (diff) | |
download | linux-crypto-e2352da3a91a315033f44644c5038ed566d90a21.tar.gz linux-crypto-e2352da3a91a315033f44644c5038ed566d90a21.zip |
crypto: rsa - limit key size to 2048 in FIPS mode
FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should
consider the enforcement of this limit.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/rsa.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/rsa.c b/crypto/rsa.c index 4cdbec95..39e04176 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -5,6 +5,7 @@ * Authors: Tadeusz Struk <tadeusz.struk@intel.com> */ +#include <linux/fips.h> #include <linux/module.h> #include <linux/mpi.h> #include <crypto/internal/rsa.h> @@ -144,6 +145,9 @@ static int rsa_check_key_length(unsigned int len) case 512: case 1024: case 1536: + if (fips_enabled) + return -EINVAL; + fallthrough; case 2048: case 3072: case 4096: |