Message ID | 25197881.1r3eYUQgxm@positron.chronox.de (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Series | crypto: RSA - limit key size to 2048 in FIPS mode |
On Sun, Nov 21, 2021 at 03:31:27PM +0100, Stephan Müller wrote:
> FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should
> consider the enforcement of this limit.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
>  crypto/rsa.c | 4 ++++
>  1 file changed, 4 insertions(+)

Patch applied. Thanks.
diff --git a/crypto/rsa.c b/crypto/rsa.c index 4cdbec95d077..39e04176b04b 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -5,6 +5,7 @@ * Authors: Tadeusz Struk <tadeusz.struk@intel.com> */ +#include <linux/fips.h> #include <linux/module.h> #include <linux/mpi.h> #include <crypto/internal/rsa.h> @@ -144,6 +145,9 @@ static int rsa_check_key_length(unsigned int len) case 512: case 1024: case 1536: + if (fips_enabled) + return -EINVAL; + fallthrough; case 2048: case 3072: case 4096:
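Review bot: the new `if (fips_enabled) return -EINVAL;` under `case 512: case 1024: case 1536:` in rsa_check_key_length() carries no comment, and the helper only receives `len`, so the rejection cannot distinguish which operation the key is being loaded for. Please add a one-line comment above the check stating that FIPS mode requires RSA keys of at least 2048 bits, so the reason for the `fallthrough;` split in the case list is clear to the next reader. The commit message should also say whether rejecting these sizes for every caller of rsa_check_key_length() is intended, for example signature verification with an existing 1024-bit key as well as signing, since the visible lines apply the limit uniformly. As a smaller point, the subject line says "limit key size to 2048" while the code enforces a minimum; "require at least 2048-bit keys" would match the behaviour.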
FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should
consider the enforcement of this limit.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/rsa.c | 4 ++++
 1 file changed, 4 insertions(+)