Introduce constrains for RSA keys lengths. Only key lengths of 512, 1024, 1536, 2048, 3072, and 4096 bits will be supported. Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx> --- crypto/rsa.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/crypto/rsa.c b/crypto/rsa.c index 752af06..466003e 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -267,12 +267,36 @@ err_free_m: return ret; } +static int rsa_check_key_length(unsigned int len) +{ + switch (len) { + case 512: + case 1024: + case 1536: + case 2048: + case 3072: + case 4096: + return 0; + } + + return -EINVAL; +} + static int rsa_setkey(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { struct rsa_key *pkey = akcipher_tfm_ctx(tfm); + int ret; - return rsa_parse_key(pkey, key, keylen); + ret = rsa_parse_key(pkey, key, keylen); + if (ret) + return ret; + + if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) { + rsa_free_key(pkey); + ret = -EINVAL; + } + return ret; } static void rsa_exit_tfm(struct crypto_akcipher *tfm) -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html