From: Stephan Mueller Subject: Re: RSA key size not allowed in FIPS Date: Tue, 09 Aug 2016 16:29:37 +0200 Message-ID: <2825660.AnRQGUh0XD@tauon.atsec.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8BIT Cc: "linux-crypto@vger.kernel.org" To: Tapas Sarangi Return-path: Received: from mail.eperm.de ([89.247.134.16]:34398 "EHLO mail.eperm.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751821AbcHIO3k convert rfc822-to-8bit (ORCPT ); Tue, 9 Aug 2016 10:29:40 -0400 In-Reply-To: Sender: linux-crypto-owner@vger.kernel.org List-ID: Am Dienstag, 9. August 2016, 14:10:33 CEST schrieb Tapas Sarangi: Hi Tapas, > Hello, > > I am using vanilla kernel-4.7 source. It crashes with the following when > booted with ?fips=1 boot=/dev/sda1? option at the kernel command line > argument. The kernel only allows 2k and 3k RSA keys in FIPS mode. Please check your RSA key used for signatures. /* In FIPS mode only allow key size 2K & 3K */ if (n_sz != 256 && n_sz != 384) { pr_err("RSA: key size not allowed in FIPS mode\n"); return -EINVAL; } Ciao Stephan