Fix test_pkey_rsa.rb in FIPS.

junaruga · Aug 6, 2024 · b837b23 · b837b23
1 parent a664af8
commit b837b23
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/Rakefile b/Rakefile
@@ -32,6 +32,7 @@ Rake::TestTask.new(:test_fips_internal) do |t|
     'test/openssl/test_pkey_dh.rb',
     'test/openssl/test_pkey_dsa.rb',
     'test/openssl/test_pkey_ec.rb',
+    'test/openssl/test_pkey_rsa.rb',
   ]
   t.warning = true
 end

diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
@@ -15,7 +15,13 @@ def test_no_private_exp
 
   def test_private
     # Generated by key size and public exponent
-    key = OpenSSL::PKey::RSA.new(512, 3)
+    # SP800 requires ossl_ifc_ffc_compute_security_bits to return that the
+    # return value (strength in bits) is more than equal
+    # RSA_FIPS1864_MIN_KEYGEN_STRENGTH (112) in FIPS.
+    # The ossl_ifc_ffc_compute_security_bits returns 112 with the nbits 2048.
+    # https://github.com/openssl/openssl/blob/3c6e11495975a4eda4cc5886080afed6203711ac/crypto/rsa/rsa_sp800_56b_gen.c#L179-L182
+    # https://github.com/openssl/openssl/blob/3c6e11495975a4eda4cc5886080afed6203711ac/crypto/rsa/rsa_lib.c#L322
+    key = OpenSSL::PKey::RSA.new(2048, 65537)
     assert(key.private?)
 
     # Generated by DER