diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-02-14 18:18:38 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-02-14 18:18:40 +0100 |
commit | 713544ee0966dbf14bab516a09f6991e6df52759 (patch) | |
tree | 945811a48e1ff99c600b699a6fa6a5d5563cf79e /lib/nettle | |
parent | ab885ac360811de4a899115970005bdb93f69f03 (diff) | |
download | gnutls-713544ee0966dbf14bab516a09f6991e6df52759.tar.gz |
provable RSA key generation: allow non-2048 and non-3072 keys
That is enforce the 2048 and 3072-bit limit to FIPS when in FIPS140-2
mode.
Diffstat (limited to 'lib/nettle')
-rw-r--r-- | lib/nettle/int/rsa-keygen-fips186.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c index fe6c3d704d..e5fbb12e40 100644 --- a/lib/nettle/int/rsa-keygen-fips186.c +++ b/lib/nettle/int/rsa-keygen-fips186.c @@ -402,8 +402,11 @@ rsa_generate_fips186_4_keypair(struct rsa_public_key *pub, unsigned seed_length; int ret; - if (n_size != 2048 && n_size != 3072) { - return 0; + if (_gnutls_fips_mode_enabled() != 0) { + if (n_size != 2048 && n_size != 3072) { + _gnutls_debug_log("The size of a prime can only be 2048 or 3072\n"); + return 0; + } } if (n_size == 2048) |