projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd4afec) | patch
Update RSA keygen to use sp800-56b by default
authorShane Lontis <shane.lontis@oracle.com>
Tue, 9 Jun 2020 22:59:56 +0000 (08:59 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Tue, 9 Jun 2020 22:59:56 +0000 (08:59 +1000)
commit8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df
treee98500058e4d1c66bec1b7badd759b6c61bab683tree | snapshot
parentcd4afec69f13e283f74d59f1c97e15db6803bdcbcommit | diff
Update RSA keygen to use sp800-56b by default

Fixes #11742
Fixes #11764

The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048.
Insecure key lengths and mutltiprime RSA will use the old method.

Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11765)
apps/genrsa.c diff | blob | history
crypto/rsa/rsa_gen.c diff | blob | history
crypto/rsa/rsa_sp800_56b_check.c diff | blob | history
crypto/rsa/rsa_sp800_56b_gen.c diff | blob | history
doc/man1/openssl-genrsa.pod.in diff | blob | history
doc/man7/EVP_PKEY-RSA.pod diff | blob | history
include/openssl/rsa.h diff | blob | history
test/recipes/15-test_genrsa.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.