diff --git a/aws-lc b/aws-lc
index 2f187975..36e03079 160000
--- a/aws-lc
+++ b/aws-lc
@@ -1 +1 @@
-Subproject commit 2f1879759b2e0fc70592665bdf10087b64f44b7d
+Subproject commit 36e0307917fbc0e001811def88bee384bc51d7ad
diff --git a/build.gradle b/build.gradle
index 674af55b..6a14617b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -23,7 +23,7 @@ if (ext.isExperimentalFips) {
 if (ext.isExperimentalFips || !ext.isFips) {
 // Experimental FIPS uses the same AWS-LC version as non-FIPS builds.
- ext.awsLcGitVersionId = 'v1.34.2'
+ ext.awsLcGitVersionId = 'v1.36.0'
 } else {
 ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.15'
 }
diff --git a/tst/com/amazon/corretto/crypto/provider/test/RsaGenTest.java b/tst/com/amazon/corretto/crypto/provider/test/RsaGenTest.java
index 559497ff..0a6207e2 100644
--- a/tst/com/amazon/corretto/crypto/provider/test/RsaGenTest.java
+++ b/tst/com/amazon/corretto/crypto/provider/test/RsaGenTest.java
@@ -168,15 +168,18 @@ public void test4096() throws GeneralSecurityException {
 public void test5120() throws GeneralSecurityException {
 final KeyPairGenerator generator = getGenerator();
 generator.initialize(5120);
- if (TestUtil.isFips()) {
- assertThrows(RuntimeCryptoException.class, () -> generator.generateKeyPair());
- } else {
+ try {
 final KeyPair keyPair = generator.generateKeyPair();
 final RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();
 final RSAPrivateCrtKey privKey = (RSAPrivateCrtKey) keyPair.getPrivate();
 assertEquals(5120, pubKey.getModulus().bitLength());
 assertEquals(RSAKeyGenParameterSpec.F4, pubKey.getPublicExponent());
 assertConsistency(pubKey, privKey);
+ } catch (final RuntimeCryptoException e) {
+ // Starting from version v1.35.1, AWS-LC built in FIPS mode allows key sizes larger than 4096.
+ // This exception could happen if ACCP is built with a version of AWS-LC in FIPS mode that
+ // does not support key sizes larger than 4096.
+ assertTrue(TestUtil.isFips());
 }
 }
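Review bot: In a FIPS build the new `catch` in `test5120` accepts a `RuntimeCryptoException` from any cause, so the test passes whether 5120-bit generation succeeds, is rejected for key size, or fails for an unrelated reason. The FIPS pin in `build.gradle` stays at `AWS-LC-FIPS-2.0.15` in this commit, and nothing in the test ties the expected outcome to the AWS-LC version actually linked, so a change in which key sizes the FIPS module allows would go unnoticed here. On the non-FIPS path a failure now surfaces as a bare `assertTrue` failure with the original exception discarded; replacing that line with `if (!TestUtil.isFips()) throw e;` would keep the cause and stack trace (this assumes `RuntimeCryptoException` is unchecked, as its name suggests). If the exception carries a message or cause that identifies the key-size rejection, asserting on it inside the `catch` would narrow what the FIPS path tolerates.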