> +int rsa_check_key_length(unsigned int len) > +{ > + switch (len) { > + case 512: > + case 1024: > + case 1536: > + case 2048: > + case 3072: > + case 4096: > + return 0; > + } > + > + return -EINVAL; > +} That's an unusual restriction. > + key->n_sz = vlen; > + /* In FIPS mode only allow key size 2K & 3K */ > + if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) { > + dev_err(ctx->dev, "RSA: key size not allowed in FIPS mode\n"); > + goto err; > + } That's an unusual restriction, too. As far as I know, FIPS does not place that restriction. Jeff -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html