diff options
author | Tadeusz Struk <tadeusz.struk@intel.com> | 2015-07-15 15:28:43 -0700 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2015-07-17 21:20:19 +0800 |
commit | 6e8ec66c3d9cebcbf71d66f92e40b5d7e1d1f490 (patch) | |
tree | 89835b740b99039e2c4fc667cae8132e0258c274 | |
parent | a990532023b903b10cf14736241cdd138e4bc92c (diff) | |
download | lwn-6e8ec66c3d9cebcbf71d66f92e40b5d7e1d1f490.tar.gz lwn-6e8ec66c3d9cebcbf71d66f92e40b5d7e1d1f490.zip |
crypto: rsa - limit supported key lengths
Introduce constrains for RSA keys lengths.
Only key lengths of 512, 1024, 1536, 2048, 3072, and 4096 bits
will be supported.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/rsa.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/crypto/rsa.c b/crypto/rsa.c index 752af0656f2e..466003e1a8cf 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -267,12 +267,36 @@ err_free_m: return ret; } +static int rsa_check_key_length(unsigned int len) +{ + switch (len) { + case 512: + case 1024: + case 1536: + case 2048: + case 3072: + case 4096: + return 0; + } + + return -EINVAL; +} + static int rsa_setkey(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { struct rsa_key *pkey = akcipher_tfm_ctx(tfm); + int ret; - return rsa_parse_key(pkey, key, keylen); + ret = rsa_parse_key(pkey, key, keylen); + if (ret) + return ret; + + if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) { + rsa_free_key(pkey); + ret = -EINVAL; + } + return ret; } static void rsa_exit_tfm(struct crypto_akcipher *tfm) |