Am Freitag, 8. April 2016, 12:54:10 schrieb Jeffrey Walton: Hi Jeffrey, > > +int rsa_check_key_length(unsigned int len) > > +{ > > + switch (len) { > > + case 512: > > + case 1024: > > + case 1536: > > + case 2048: > > + case 3072: > > + case 4096: > > + return 0; > > + } > > + > > + return -EINVAL; > > +} > > That's an unusual restriction. > > > + key->n_sz = vlen; > > + /* In FIPS mode only allow key size 2K & 3K */ > > + if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) { > > + dev_err(ctx->dev, "RSA: key size not allowed in FIPS > > mode\n"); + goto err; > > + } > > That's an unusual restriction, too. As far as I know, FIPS does not > place that restriction. It does, see SP80-131A and the requirements on CAVS. Very lately they added 4k too, hence my question. > > Jeff Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html