Fix test_ts.rb in FIPS.#1056
Merged
Merged
Conversation
rhenium
reviewed
May 22, 2026
Replace RSA keys for intermediate_key and ee_key with RSA 4096-bit keys rsa-1.pem and rsa-2.pem. At least RSA 2048-bit keys are required for signing and encryption in FIPS. SP 800-131A Rev. 2 * 3. Digital Signatures * 6. Key Agreement and Key Transport Using RSA https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf https://github.com/openssl/openssl/blob/71943544885ff364a10bcc5ffc62d0e651c9a021/providers/common/securitycheck.c#L72-L73 ``` $ openssl rsa -in test/openssl/fixtures/pkey/rsa-1.pem -text -noout | head -1 Private-Key: (4096 bit, 2 primes) $ openssl rsa -in test/openssl/fixtures/pkey/rsa-2.pem -text -noout | head -1 Private-Key: (4096 bit, 2 primes) ```
junaruga
force-pushed
the
wip/fips-test-ts
branch
from
a0198e1 to
f130312
Compare
Member
Author
|
@rhenium I rebased this PR on the latest master branch, fixing the thing reviewed by you, updating the commit message. Note I removed the code comment "RSA 2048-bit keys are required in FIPS" from the previous PR, because the Could you review this PR again? Thanks. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is 2 commits, and the 1st commit is the PR #1054. I intend that we review the PR #1054 first, then rebase this PR on the latest master branch, and we review this PR second.
Note this PR is the last one to fix test files in FIPS. :) After merging this PR, we can unify or refactor the rake
test_fipstask with raketesttask inRakefilevia another PR.2048-bit RSA keys for intermediate_key and ee_key are required for signing and encryption in FIPS.
SP 800-131A Rev. 2
3 - Digital Signatures
6 - Key Agreement and Key Transport Using RSA
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
https://github.com/openssl/openssl/blob/71943544885ff364a10bcc5ffc62d0e651c9a021/providers/common/securitycheck.c#L72-L73