Re: [PATCH] crypto: FIPS - allow RSA keys >= 2048 bits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 23, 2016 at 10:09:32AM +0200, Stephan Mueller wrote:
> With a public notification, NIST now allows the use of RSA keys with a
> modulus >= 2048 bits. The new rule allows any modulus size >= 2048 bits
> provided that either 2048 or 3072 bits are supported at least so that
> the entire RSA implementation can be CAVS tested.
> 
> This patch fixes the inability to boot the kernel in FIPS mode, because
> certs/x509.genkey defines a 4096 bit RSA key per default. This key causes
> the RSA signature verification to fail in FIPS mode without the patch
> below.
> 
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux