[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Sat Apr 21 21:55:52 UTC 2018


New commits:
commit c72f5a9e7a0b6cc88ecdc45fa1d7bad01f3a33b5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 21 17:54:02 2018 -0400

    testing: bump standard X509 key to 3072 (FIPS minimum)
    
    Rename the unused "bigkey" which used 2048, to "smallkey" so it can
    be used in FIPS testing for proper rejection.

commit 50a40f8492b1a2849e2643c9be75436eeab611e4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 21 17:49:01 2018 -0400

    FIPS: reject RSA keys < 3072 bits - Patch by Matt Rogers
    
    This patch was forgotten and dormant in the fips_key_size branch
    
    If NSS is running in FIPS mode, it should also have rejected any
    operations with a < 3072 RSA bit, but we might as well reject it
    at load time instead of at use time.



More information about the Swan-commit mailing list