crypto: rsa - allow keys >= 2048 bits in FIPS mode - linux-crypto.git

diff options

author	Stephan Mueller <smueller@chronox.de>	2016-08-23 10:09:32 +0200
committer	Herbert Xu <herbert@gondor.apana.org.au>	2016-08-24 21:07:10 +0800
commit	51475df34c916c7748c0899d303bb7b3a3092d77 (patch)
tree	912608bb59ae2d67dfa3bfdb402c2118632fde76 /crypto/xor.c
parent	9d280d05d087f2639385ee7820f59fa79bdf2cc2 (diff)
download	linux-crypto-51475df34c916c7748c0899d303bb7b3a3092d77.tar.gz linux-crypto-51475df34c916c7748c0899d303bb7b3a3092d77.zip

crypto: rsa - allow keys >= 2048 bits in FIPS mode

With a public notification, NIST now allows the use of RSA keys with a modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits provided that either 2048 or 3072 bits are supported at least so that the entire RSA implementation can be CAVS tested. This patch fixes the inability to boot the kernel in FIPS mode, because certs/x509.genkey defines a 4096 bit RSA key per default. This key causes the RSA signature verification to fail in FIPS mode without the patch below. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Diffstat (limited to 'crypto/xor.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: