From 1ce1bacc480965fab4420e561916ce45d2e90c05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20M=C3=BCller?= Date: Sun, 21 Nov 2021 15:31:27 +0100 Subject: crypto: rsa - limit key size to 2048 in FIPS mode FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should consider the enforcement of this limit. Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu --- crypto/rsa.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'crypto') diff --git a/crypto/rsa.c b/crypto/rsa.c index 4cdbec95d077..39e04176b04b 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -5,6 +5,7 @@ * Authors: Tadeusz Struk */ +#include #include #include #include @@ -144,6 +145,9 @@ static int rsa_check_key_length(unsigned int len) case 512: case 1024: case 1536: + if (fips_enabled) + return -EINVAL; + fallthrough; case 2048: case 3072: case 4096: -- cgit v1.2.3