[openssl-users] RSA_generate_key fails in FIPS Mode with key size 2048

Neptune pdrotter at us.ibm.com
Wed Feb 24 16:31:42 UTC 2016

FIPS Object Module 2.0.9
OpenSSL 1.0.1l

When I call RSA_generate_key:
if (rsa = RSA_generate_key(keySize, RSA_F4, NULL, NULL))

I get the following error string:
(OPENSSL error:04081078:rsa routines:RSA_BUILTIN_KEYGEN:key size too small)

As I understand, RSA Key size must be 2048 or greater in FIPS mode, so I
printed out the key size just before calling the above function:

******** KEYSIZE = 2048.

What else could cause this function to report a key size too small if it is
2048 bits? Is 2048 still FIPS-compliant? 
BTW: this works if FIPS mode is off.


View this message in context: http://openssl.6102.n7.nabble.com/RSA-generate-key-fails-in-FIPS-Mode-with-key-size-2048-tp63989.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

More information about the openssl-users mailing list