Am Freitag, 8. April 2016, 12:54:10 schrieb Jeffrey Walton:
Hi Jeffrey,
> > +int rsa_check_key_length(unsigned int len)
> > +{
> > + switch (len) {
> > + case 512:
> > + case 1024:
> > + case 1536:
> > + case 2048:
> > + case 3072:
> > + case 4096:
> > + return 0;
> > + }
> > +
> > + return -EINVAL;
> > +}
>
> That's an unusual restriction.
>
> > + key->n_sz = vlen;
> > + /* In FIPS mode only allow key size 2K & 3K */
> > + if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) {
> > + dev_err(ctx->dev, "RSA: key size not allowed in FIPS
> > mode\n"); + goto err;
> > + }
>
> That's an unusual restriction, too. As far as I know, FIPS does not
> place that restriction.
It does, see SP80-131A and the requirements on CAVS.
Very lately they added 4k too, hence my question.
>
> Jeff
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
