crypto: rsa - limit key size to 2048 in FIPS mode

FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should consider the enforcement of this limit. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: rsa - limit key size to 2048 in FIPS mode
FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should consider the enforcement of this limit. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1ce1bacc · Stephan Müller · Herbert Xu · 552d03a2 · 1ce1bacc
Commit 1ce1bacc authored Nov 21, 2021 by Stephan Müller Committed by Herbert Xu Nov 26, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

crypto/rsa.c crypto/rsa.c +4 -0

No files found.
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -5,6 +5,7 @@
 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
 */
+#include <linux/fips.h>
 #include <linux/module.h>
 #include <linux/mpi.h>
 #include <crypto/internal/rsa.h>
@@ -144,6 +145,9 @@ static int rsa_check_key_length(unsigned int len)
 	case 512:
 	case 1024:
 	case 1536:
+		if (fips_enabled)
+			return -EINVAL;
+		fallthrough;
 	case 2048:
 	case 3072:
 	case 4096: