Commit 1e146c39 authored by Stephan Müller's avatar Stephan Müller Committed by Herbert Xu

crypto: dh - limit key size to 2048 in FIPS mode

FIPS disallows DH with keys < 2048 bits. Thus, the kernel should
consider the enforcement of this limit.
Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 1ce1bacc
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
* Authors: Salvatore Benedetto <salvatore.benedetto@intel.com> * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
*/ */
#include <linux/fips.h>
#include <linux/module.h> #include <linux/module.h>
#include <crypto/internal/kpp.h> #include <crypto/internal/kpp.h>
#include <crypto/kpp.h> #include <crypto/kpp.h>
...@@ -47,6 +48,9 @@ static inline struct dh_ctx *dh_get_ctx(struct crypto_kpp *tfm) ...@@ -47,6 +48,9 @@ static inline struct dh_ctx *dh_get_ctx(struct crypto_kpp *tfm)
static int dh_check_params_length(unsigned int p_len) static int dh_check_params_length(unsigned int p_len)
{ {
if (fips_enabled)
return (p_len < 2048) ? -EINVAL : 0;
return (p_len < 1536) ? -EINVAL : 0; return (p_len < 1536) ? -EINVAL : 0;
} }
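Review bot: The two minimums in dh_check_params_length() are bare literals, and nothing at the function says what unit p_len is in; only the commit message says bits, and the caller is outside this hunk. I would add a comment above the function such as `/* p_len: length of the prime p in bits; minimum is 2048 when fips_enabled, otherwise 1536 */`, and consider giving the two limits names. This is also a lower bound on size only: passing it says nothing about whether the supplied group parameters are otherwise acceptable in FIPS mode, so any such validation has to live elsewhere in the set-params path, which is not visible here.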