crypto: rsa - limit supported key lengths

Introduce constrains for RSA keys lengths. Only key lengths of 512, 1024, 1536, 2048, 3072, and 4096 bits will be supported. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Tadeusz Struk <tadeusz.struk@intel.com> 2015-07-15 15:28:43 -0700
committer: Herbert Xu <herbert@gondor.apana.org.au> 2015-07-17 21:20:19 +0800
commit: 6e8ec66c3d9cebcbf71d66f92e40b5d7e1d1f490 (patch)
tree: 89835b740b99039e2c4fc667cae8132e0258c274 /crypto/rsa.c
parent: a990532023b903b10cf14736241cdd138e4bc92c (diff)
1 files changed, 25 insertions, 1 deletions
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 752af0656f2e..466003e1a8cf 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -267,12 +267,36 @@ err_free_m:
 	return ret;
 }
 
+static int rsa_check_key_length(unsigned int len)
+{
+	switch (len) {
+	case 512:
+	case 1024:
+	case 1536:
+	case 2048:
+	case 3072:
+	case 4096:
+		return 0;
+	}
+
+	return -EINVAL;
+}
+
 static int rsa_setkey(struct crypto_akcipher *tfm, const void *key,
 		      unsigned int keylen)
 {
 	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
+	int ret;
 
-	return rsa_parse_key(pkey, key, keylen);
+	ret = rsa_parse_key(pkey, key, keylen);
+	if (ret)
+		return ret;
+
+	if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
+		rsa_free_key(pkey);
+		ret = -EINVAL;
+	}
+	return ret;
 }
 
 static void rsa_exit_tfm(struct crypto_akcipher *tfm)
author	Tadeusz Struk <tadeusz.struk@intel.com>	2015-07-15 15:28:43 -0700
committer	Herbert Xu <herbert@gondor.apana.org.au>	2015-07-17 21:20:19 +0800
commit	6e8ec66c3d9cebcbf71d66f92e40b5d7e1d1f490 (patch)
tree	89835b740b99039e2c4fc667cae8132e0258c274 /crypto/rsa.c
parent	a990532023b903b10cf14736241cdd138e4bc92c (diff)