On Wed, Feb 24, 2016, Neptune wrote:

> Using:
> FIPS Object Module 2.0.9
> OpenSSL 1.0.1l
>
> When I call RSA_generate_key:
>     if (rsa = RSA_generate_key(keySize, RSA_F4, NULL, NULL))
>
> I get the following error string:
> (OPENSSL error:04081078:rsa routines:RSA_BUILTIN_KEYGEN:key size too small)
>
> As I understand, RSA Key size must be 2048 or greater in FIPS mode, so I
> printed out the key size just before calling the above function:
>
> ******** KEYSIZE = 2048.
>
> What else could cause this function to report a key size too small if it is
> 2048 bits? Is 2048 still FIPS-compliant?
> BTW: this works if FIPS mode is off.
>

That isn't the error I'd expect if it was rejecting the key size straight
away. Do you have a small program that can reproduce this?

What happens if you do:

OPENSSL_FIPS=1 openssl genrsa 2048

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org