Commit
Update Allowed RSA KeySize Generation to FIPS 186-5 specification (#1823)

### Description of changes:

Updates RSA key size generation to support FIPS 186-5 specification that allows for RSA key sizes >= 2048 and even modulus length.

**Note**: The even modulus length check is satisfied by the `bits % 128 == 0` check on the `RSA_generate_key_fips` and `EVP_PKEY_keygen` indicator check paths. 128 is chosen here as the underlying RSA key generation implementation will only generate RSA keys that are evenly divisible by 128, otherwise it will round down to the nearest value. Enforcing this on the key generation path will ensure that the request bit length is always returned on the FIPS path. Signing/Verification paths continue to enforce the divisible by 2 check in the event the key was not generated by our module.

Also cleans up the entire ACVP RSA capabilities registration (looks like a lot of whitespace changes, but I also collapsed some of the registration attributes that didn't need to be duplicated). Also added back the 1024 bit key testing with other algorithms in addition to SHA-1.

Note ACVP only supports testing up to 8192 key size due to infrastructure limitations, and SigGen and SigVer only support keys up to 4096. ACVP KeyGen tests the following key sizes: 2048, 3072, 4096, 6144, or 8192.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
Showing 10 changed files with 548 additions and 492 deletions.