From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751702AbbFPBtZ (ORCPT ); Mon, 15 Jun 2015 21:49:25 -0400 Received: from mga03.intel.com ([134.134.136.65]:58188 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751132AbbFPBtS (ORCPT ); Mon, 15 Jun 2015 21:49:18 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.13,622,1427785200"; d="scan'208";a="747306429" Message-ID: <557F809B.3060001@intel.com> Date: Mon, 15 Jun 2015 18:49:15 -0700 From: Tadeusz Struk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Stephan Mueller CC: herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, keescook@chromium.org, jwboyer@redhat.com, richard@nod.at, steved@redhat.com, qat-linux@intel.com, dhowells@redhat.com, linux-crypto@vger.kernel.org, james.l.morris@oracle.com, jkosina@suse.cz, zohar@linux.vnet.ibm.com, davem@davemloft.net, vgoyal@redhat.com Subject: Re: [PATCH RFC v5 3/4] crypto: rsa: add a new rsa generic implementation References: <20150615201831.15697.57738.stgit@tstruk-mobl1> <20150615201847.15697.55852.stgit@tstruk-mobl1> <3921303.7tkMvJ6vYE@tachyon.chronox.de> In-Reply-To: <3921303.7tkMvJ6vYE@tachyon.chronox.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/15/2015 04:23 PM, Stephan Mueller wrote: >> + /* In FIPS mode only allow key size minimum 2K */ >> > + if (fips_enabled && (mpi_get_size(key->n) < 256)) { > Considering my previous email, shouldn't that check rather be > > if (fips_enabled && > ((mpi_get_size(key->n) != 256) || (mpi_get_size(key->n) != 384)) I'm not familiar with the FIPS requirements. I checked the NIST recommendations witch states that RSA: |n| >= 2048 is acceptable. If FIPS allows 2K and 3K only then we need to change it.