Align RSA_generate_key_fips and EVP_PKEY_keygen indicator checks to b…
…e consistent generation constraints
skmcgrail committed Sep 6, 2024
1 parent 6b5fc31 commit 640fbd6
Showing 1 changed file with 3 additions and 2 deletions.
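--- a/crypto/fipsmodule/service_indicator/service_indicator.c
+++ b/crypto/fipsmodule/service_indicator/service_indicator.c
@@ -298,9 +298,10 @@ void ECDH_verify_service_indicator(const EC_KEY *ec_key) {
 void EVP_PKEY_keygen_verify_service_indicator(const EVP_PKEY *pkey) {
 if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS) {
 // The approved RSA key sizes for signing are key sizes >= 2048 bits and
-// bits % 2 == 0.
+// bits % 2 == 0, though we check bits % 128 == 0 for consistency with
+// our RSA key generation.
 size_t n_bits = RSA_bits(pkey->pkey.rsa);
-if (n_bits >= 2048 && n_bits % 2 == 0) {
+if (n_bits >= 2048 && n_bits % 128 == 0) {
 FIPS_service_indicator_update_state();
 }
 } else if (pkey->type == EVP_PKEY_EC) {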
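Review bot: The new condition `n_bits % 128 == 0` in EVP_PKEY_keygen_verify_service_indicator repeats, as a bare literal, a rule that the comment says belongs to the RSA key generation code, and nothing visible here ties the two sites together. If the generator's constraint changes later, the service indicator could report an approved state for a key size the FIPS generation path rejects, or the reverse. The comment should name the source of truth, for example `// Must stay in sync with the bit-length check in RSA_generate_key_fips.`, and a shared named constant used by both sites would be better still. The commit touches only this file, so a regression test for the new boundary appears to be missing; where the keygen path accepts such a size, it should assert that an even size of at least 2048 bits that is not a multiple of 128 leaves the indicator not-approved. The function body continues past the end of the hunk.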
