kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
55761e6802
boringssl/crypto/fipsmodule/rsa
History
David Benjamin 55761e6802 Use a higher iteration limit for RSA key generation at e = 3. 
Generating a 2048-bit RSA key with e = 3 (don't do this), the failure
rate at 5*bits iterations appears to be around 7 failures in 1000 tries.
Bump the limit up to 32*bits. This should give a failure rate of around
2 failures in 10^14 tries.

(The FIPS 186-4 algorithm is meant for saner values of e, like 65537. e
= 3 implies a restrictive GCD requirement: the primes must both be 2 mod
3.)

Change-Id: Icd373f61e2eb90df5afaff9a0fc2b2fbb6ec3f0a
Reviewed-on: https://boringssl-review.googlesource.com/22584
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-11-03 19:37:31 +00:00
..
blinding.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
internal.h Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
padding.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
rsa_impl.c Use a higher iteration limit for RSA key generation at e = 3. 2017-11-03 19:37:31 +00:00
rsa.c Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00