Check the RSA keysize in Signature

IBM / OpenJCEPlus

This project makes use of Java and C/C++. This project will create OpenJCEPlus and OpenJCEPlusFIPS cryptographic providers which are implementations of the Java™ Cryptography Extensions (JCE) APIs. The actual cryptographic code will come from the OpenCryptographyKitC project which is based on OpenSSL.

Apache License 2.0

4 stars 10 forks source link

Check the RSA keysize in Signature #92

Closed JinhangZhang closed 3 months ago

JinhangZhang commented 3 months ago

At least 2048 bits of RSA key can be used for Sign in Signature. However, current openjceplusfips provider can accept a RSA key which size is smaller than 1024.

Add a check in the engineInitSign() function to filter the keysize.

backport from https://github.com/IBM/OpenJCEPlus/pull/27

jasonkatonica commented 3 months ago

x86_64_linux, ppc64le_linux,s390x_linux,x86_64_windows