summaryrefslogtreecommitdiff
path: root/samples
diff options
context:
space:
mode:
authorStephan Mueller <smueller@chronox.de>2016-08-23 11:09:32 +0300
committerHerbert Xu <herbert@gondor.apana.org.au>2016-08-24 16:07:10 +0300
commite09287dfef280dbe9f9aa1faa7a125957e9b7fbb (patch)
treeb6004f2e25b55f8addea90516cbe08c3dcb48df7 /samples
parent59df87c3498a34283baf185ab0396f4742acdee5 (diff)
downloadlinux-e09287dfef280dbe9f9aa1faa7a125957e9b7fbb.tar.xz
crypto: rsa - allow keys >= 2048 bits in FIPS mode
With a public notification, NIST now allows the use of RSA keys with a modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits provided that either 2048 or 3072 bits are supported at least so that the entire RSA implementation can be CAVS tested. This patch fixes the inability to boot the kernel in FIPS mode, because certs/x509.genkey defines a 4096 bit RSA key per default. This key causes the RSA signature verification to fail in FIPS mode without the patch below. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'samples')
0 files changed, 0 insertions, 0 deletions