Re: RSA key size not allowed in FIPS

2016-08-16 Thread Stephan Mueller
On Tuesday, 9 August 2016, 16:55:52 CEST, Stephan Mueller wrote: Hi Tapas, David, > > David, the x509.genkey file seems to generate a 4k RSA key per default. This > will cause a panic with fips=1 as only 2k and 3k keys are allowed. Just yesterday, a new ruling came out from NIST allowing any

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Stephan Mueller
On Tuesday, 9 August 2016, 16:07:06 CEST, Tapas Sarangi wrote: Hi Tapas, > Hi Stephan, > > > Thanks for your responses. I am past this error now. > > I am still NOT out of trouble. Now, test integrity fails while trying to > get into FIPS mode. Here is the snippet of error messages. I will

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Tapas Sarangi
Hi Stephan, Thanks for your responses. I am past this error now. I am still NOT out of trouble. Now, test integrity fails while trying to get into FIPS mode. Here is the snippet of error messages. I will create a separate thread for this, /boot/vmlinuz-4.7.0-1.tos2_5: OK modprobe: ERROR: could

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Tapas Sarangi
Embarrassing! Yes, I just saw this while you are pressing send on that reply... default bits were set to 4096 in x509.genkey. :-( I am trying out with 2048 bits. I will confirm. -Tapas On 8/9/16, 9:55 AM, "Stephan Mueller" wrote: >On Tuesday, 9 August 2016, 14:39:03 CEST, Tapas Sarangi wrote

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Stephan Mueller
On Tuesday, 9 August 2016, 14:39:03 CEST, Tapas Sarangi wrote: Hi Tapas, David, > Hi Stephan, > > If I understand this correctly, this (CONFIG_MODULE_SIG_HASH="sha256") > tells about the key size used. > I am using "sha256". Initially, I was using "sha512" which I thought could > be causing p

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Tapas Sarangi
when >>> booted with "fips=1 boot=/dev/sda1" option at the kernel command line >>> argument. >> >>The kernel only allows 2k and 3k RSA keys in FIPS mode. Please check your >>RSA >>key used for signatures. >> >>/* In FIPS mod

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Tapas Sarangi
/* In FIPS mode only allow key size 2K & 3K */ > if (n_sz != 256 && n_sz != 384) { >pr_err("RSA: key size not allowed in FIPS >mode\n"); >return -EINVAL; >} > >Ci

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Gary R Hook
On 08/09/2016 09:10 AM, Tapas Sarangi wrote: Ps : I could not send any attachment, is it possible to send attachment to this mailing list ? Pretty sure that's frowned upon.

Re: RSA key size not allowed in FIPS

2016-08-09 Thread Stephan Mueller
3k RSA keys in FIPS mode. Please check your RSA key used for signatures. /* In FIPS mode only allow key size 2K & 3K */ if (n_sz != 256 && n_sz != 384) { pr_err("RSA: key size not allowed in FIPS mode\n");

RSA key size not allowed in FIPS

2016-08-09 Thread Tapas Sarangi
Hello, I am using vanilla kernel-4.7 source. It crashes with the following when booted with "fips=1 boot=/dev/sda1" option at the kernel command line argument. [0.642411] RSA: key size not allowed in FIPS mode [0.643099] Problem loading in-kernel X.509 certificate (-22) [0.800524