• Stephan Mueller's avatar
    crypto: rsa - allow keys >= 2048 bits in FIPS mode · e09287df
    Stephan Mueller authored
    With a public notification, NIST now allows the use of RSA keys with a
    modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits
    provided that either 2048 or 3072 bits are supported at least so that
    the entire RSA implementation can be CAVS tested.
    
    This patch fixes the inability to boot the kernel in FIPS mode, because
    certs/x509.genkey defines a 4096 bit RSA key per default. This key causes
    the RSA signature verification to fail in FIPS mode without the patch
    below.
    Signed-off-by: 's avatarStephan Mueller <smueller@chronox.de>
    Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
    e09287df