Drop the RSA, DSA, and DH DoS limits to 8,192 bits
RSA-8192 is already too big. This avoids needing to worry about
bn_mul_mont allocating more than a page of stack memory, makes it a lot
more comfortable to just stack-allocate all Montgomery temporaries.
Also RSA operations scale quadratically or cubicly. For reference, on my
machine:
Did 1638 RSA 2048 signing operations in 1015740us (1612.6 ops/sec)
Did 82000 RSA 2048 verify (same key) operations in 1000238us (81980.5 ops/sec)
Did 70000 RSA 2048 verify (fresh key) operations in 1001850us (69870.7 ops/sec)
Did 13580 RSA 2048 private key parse operations in 1013849us (13394.5 ops/sec)
Did 611 RSA 3072 signing operations in 1038497us (588.4 ops/sec)
Did 39000 RSA 3072 verify (same key) operations in 1009250us (38642.6 ops/sec)
Did 34000 RSA 3072 verify (fresh key) operations in 1005116us (33826.9 ops/sec)
Did 7799 RSA 3072 private key parse operations in 1016058us (7675.7 ops/sec)
Did 276 RSA 4096 signing operations in 1008941us (273.6 ops/sec)
Did 23000 RSA 4096 verify (same key) operations in 1029290us (22345.5 ops/sec)
Did 20000 RSA 4096 verify (fresh key) operations in 1006214us (19876.5 ops/sec)
Did 5137 RSA 4096 private key parse operations in 1001233us (5130.7 ops/sec)
Did 39 RSA 8192 signing operations in 1012397us (38.5 ops/sec)
Did 6039 RSA 8192 verify (same key) operations in 1061168us (5690.9 ops/sec)
Did 5181 RSA 8192 verify (fresh key) operations in 1000616us (5177.8 ops/sec)
Did 1749 RSA 8192 private key parse operations in 1074560us (1627.6 ops/sec)
Did 6 RSA 16834 signing operations in 1147874us (5.2 ops/sec)
Did 1562 RSA 16834 verify (same key) operations in 1086732us (1437.3 ops/sec)
Did 1386 RSA 16834 verify (fresh key) operations in 1057798us (1310.3 ops/sec)
Did 440 RSA 16834 private key parse operations in 1039747us (423.2 ops/sec)
This change removes our exposure to the last of these. Also align limits
for legacy DSA and DH so that Montgomery reduction can rely on this.
Update-Note: This lowers our maximum key sizes:
- The maximum RSA modulus size is now 8,192 bits, down from 16,384 bits
- The maximum DSA p is now 8,192 bits, down from 10,000 bits
- The maximum DH p is now 8,192 bits, down from 10,000 bits
Fixed: 402677800
Change-Id: I52c0205af568b66a2fbc586b1c7300e13a47c7ab
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/80287
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/build.json b/build.json
index 39ed119..dfcfc71 100644
--- a/build.json
+++ b/build.json
@@ -933,6 +933,7 @@
"crypto/pkcs7/test/*.pem",
"crypto/pkcs8/test/*.p12",
"crypto/poly1305/poly1305_tests.txt",
+ "crypto/rsa/test/*.pem",
"crypto/siphash/siphash_tests.txt",
"crypto/slhdsa/slhdsa_keygen.txt",
"crypto/slhdsa/slhdsa_prehash.txt",
diff --git a/crypto/fipsmodule/bn/internal.h b/crypto/fipsmodule/bn/internal.h
index 54bb514..9e54b41 100644
--- a/crypto/fipsmodule/bn/internal.h
+++ b/crypto/fipsmodule/bn/internal.h
@@ -268,10 +268,11 @@
// |BIGNUM|s, in |bn_wexpand|, but the exactfloat library needs to create 8 MiB
// values for other operations.
//
-// TODO(crbug.com/402677800): This is not quite tight enough to limit the
-// |bn_mul_mont| allocation to under a page. Lower the maximum RSA key and then
-// lower this to match.
-#define BN_MONTGOMERY_MAX_WORDS (16384 / BN_BITS2)
+// This limit is set so that one number fits within 1 KiB, giving room to
+// allocate a few of them on the stack in |bn_mul_mont| without exceeding a page
+// (4 KiB). It is also set to limit the DoS impact of large RSA, DH, and DSA
+// keys, which scale cubicly.
+#define BN_MONTGOMERY_MAX_WORDS (8192 / BN_BITS2)
struct bn_mont_ctx_st {
// RR is R^2, reduced modulo |N|. It is used to convert to Montgomery form. It
diff --git a/crypto/rsa/rsa_test.cc b/crypto/rsa/rsa_test.cc
index 61048ea..7a65f7a 100644
--- a/crypto/rsa/rsa_test.cc
+++ b/crypto/rsa/rsa_test.cc
@@ -19,16 +19,19 @@
#include <gtest/gtest.h>
+#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/bytestring.h>
#include <openssl/crypto.h>
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/nid.h>
+#include <openssl/pem.h>
#include "../fipsmodule/bn/internal.h"
#include "../fipsmodule/rsa/internal.h"
#include "../internal.h"
+#include "../test/test_data.h"
#include "../test/test_util.h"
#if defined(OPENSSL_THREADS)
@@ -1277,95 +1280,49 @@
EXPECT_FALSE(RSA_new_public_key_large_e(n, bad_e.get()));
}
-// Test minimum key limits on RSA keys. Currently, we require a minimum of
-// 512-bit RSA.
-//
-// TODO(crbug.com/boringssl/607): Raise this limit. 512-bit RSA was factored in
-// 1999.
-TEST(RSATest, SmallKey) {
- static const uint8_t kRSA511Private[] = {
- 0x30, 0x82, 0x01, 0x39, 0x02, 0x01, 0x00, 0x02, 0x40, 0x56, 0xc1, 0x3d,
- 0xb3, 0x4f, 0xe4, 0xe9, 0x2f, 0x29, 0x8a, 0xd3, 0xe2, 0xfe, 0xb3, 0x3b,
- 0x88, 0x02, 0x8b, 0xdd, 0x44, 0xb5, 0x41, 0x4b, 0x43, 0x97, 0x93, 0x75,
- 0x78, 0x4b, 0x10, 0x30, 0x88, 0xce, 0xd2, 0x32, 0xe3, 0x9e, 0xda, 0x68,
- 0xc9, 0xc3, 0xcd, 0xa1, 0xde, 0xbc, 0x4a, 0xeb, 0x37, 0x60, 0xd2, 0x82,
- 0x2f, 0x5d, 0x21, 0x3b, 0x88, 0x0e, 0x12, 0x44, 0x4d, 0x5d, 0x44, 0xc1,
- 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x40, 0x08, 0xe5, 0xf5, 0x30,
- 0x29, 0x27, 0xaf, 0x8b, 0x38, 0xd5, 0x96, 0x7a, 0x17, 0xe9, 0xc6, 0x57,
- 0x62, 0xfb, 0x79, 0x8c, 0x8c, 0x92, 0xcf, 0xe7, 0x74, 0xea, 0x99, 0x07,
- 0xe7, 0x9b, 0x17, 0x7f, 0x30, 0x9f, 0x86, 0x55, 0x15, 0x8d, 0xe6, 0xa8,
- 0x0d, 0x7b, 0x42, 0x41, 0x27, 0x18, 0x29, 0x55, 0xb1, 0x08, 0x07, 0x2a,
- 0x4e, 0x67, 0x19, 0x9c, 0xe3, 0xe4, 0x84, 0xd6, 0x82, 0x62, 0xd4, 0x81,
- 0x02, 0x21, 0x00, 0xcd, 0x5a, 0x9b, 0x23, 0x3d, 0xb5, 0x9c, 0x56, 0xbc,
- 0xc5, 0x56, 0xcf, 0x77, 0x58, 0xc0, 0x62, 0x72, 0xa0, 0x85, 0x77, 0xf4,
- 0xc3, 0xf8, 0x47, 0x6d, 0xc0, 0x8f, 0x18, 0x77, 0xee, 0xf1, 0xad, 0x02,
- 0x20, 0x6c, 0x26, 0xaa, 0x8a, 0xaf, 0x7b, 0x9f, 0x35, 0x19, 0x08, 0xc2,
- 0xa0, 0x9f, 0x4e, 0x9e, 0x62, 0x48, 0xb1, 0x7c, 0x0e, 0x68, 0x63, 0x0d,
- 0x05, 0x76, 0x73, 0x0a, 0xa0, 0xb3, 0xed, 0x6d, 0xb1, 0x02, 0x21, 0x00,
- 0xc2, 0x26, 0x1c, 0xb0, 0xa7, 0xe2, 0x31, 0x4a, 0x4c, 0x34, 0xe2, 0xcb,
- 0x49, 0x51, 0xce, 0xaa, 0x05, 0x27, 0xc0, 0xa8, 0x55, 0xf0, 0x85, 0xa6,
- 0xba, 0x9c, 0x28, 0x6e, 0x00, 0xce, 0x17, 0x0d, 0x02, 0x20, 0x65, 0x51,
- 0xb0, 0x11, 0xaf, 0x26, 0xbc, 0x57, 0x4d, 0x35, 0xb4, 0xc8, 0x2f, 0x96,
- 0xc2, 0xb0, 0xc6, 0xf3, 0x67, 0x8a, 0x43, 0xe7, 0x0f, 0xaa, 0xdf, 0x76,
- 0x15, 0x2d, 0xca, 0x82, 0x93, 0x71, 0x02, 0x21, 0x00, 0x9e, 0x89, 0x74,
- 0x15, 0x7e, 0x73, 0x43, 0xa0, 0x1e, 0xa9, 0xa5, 0x9f, 0xad, 0xf1, 0xa0,
- 0xfa, 0x13, 0x86, 0x10, 0x3f, 0xb0, 0xba, 0x3f, 0x45, 0x87, 0x13, 0x02,
- 0x86, 0xa4, 0xa4, 0x31, 0x92};
- static const uint8_t kRSA511Public[] = {
- 0x30, 0x47, 0x02, 0x40, 0x56, 0xc1, 0x3d, 0xb3, 0x4f, 0xe4, 0xe9,
- 0x2f, 0x29, 0x8a, 0xd3, 0xe2, 0xfe, 0xb3, 0x3b, 0x88, 0x02, 0x8b,
- 0xdd, 0x44, 0xb5, 0x41, 0x4b, 0x43, 0x97, 0x93, 0x75, 0x78, 0x4b,
- 0x10, 0x30, 0x88, 0xce, 0xd2, 0x32, 0xe3, 0x9e, 0xda, 0x68, 0xc9,
- 0xc3, 0xcd, 0xa1, 0xde, 0xbc, 0x4a, 0xeb, 0x37, 0x60, 0xd2, 0x82,
- 0x2f, 0x5d, 0x21, 0x3b, 0x88, 0x0e, 0x12, 0x44, 0x4d, 0x5d, 0x44,
- 0xc1, 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01};
- static const uint8_t kRSA512Private[] = {
- 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xa5, 0x44,
- 0x8f, 0x3d, 0xa2, 0x0b, 0x20, 0xc6, 0xac, 0x10, 0xc1, 0x27, 0x11, 0xf0,
- 0x43, 0x5d, 0x05, 0xb7, 0x0f, 0x80, 0x3b, 0x9b, 0x85, 0xf1, 0x7a, 0x0e,
- 0xbd, 0x72, 0xed, 0x8a, 0xdc, 0xa1, 0xaa, 0xd4, 0x53, 0xcb, 0x65, 0x78,
- 0x4b, 0x30, 0x6b, 0x52, 0x51, 0xee, 0xcd, 0x2f, 0x90, 0x7b, 0xd1, 0x9c,
- 0xe9, 0x79, 0x98, 0x58, 0xe3, 0x47, 0x35, 0xa7, 0xcd, 0x6a, 0x71, 0x38,
- 0xb5, 0x0d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 0x94, 0x24,
- 0x82, 0xa9, 0xe2, 0xa9, 0x4a, 0xf6, 0x0b, 0xa2, 0xf1, 0x21, 0x0e, 0x89,
- 0x6a, 0x38, 0xe6, 0x38, 0x93, 0xe2, 0x84, 0x8c, 0x02, 0x62, 0xd4, 0xe0,
- 0x85, 0x9d, 0x91, 0xa4, 0xd9, 0xe3, 0x77, 0x6c, 0x26, 0x85, 0xf6, 0x2e,
- 0x0a, 0xe4, 0x18, 0x73, 0x06, 0x9a, 0xea, 0xde, 0x78, 0x65, 0xba, 0x7a,
- 0xdb, 0xc0, 0x3b, 0xf7, 0x29, 0x1e, 0x43, 0xed, 0xaf, 0xf5, 0xaf, 0xa8,
- 0xdf, 0x01, 0x02, 0x21, 0x00, 0xdb, 0x93, 0x05, 0x2d, 0xf3, 0xdf, 0xe4,
- 0x31, 0xef, 0x50, 0xc7, 0x54, 0x0f, 0x08, 0x5d, 0x50, 0x42, 0xfa, 0xb9,
- 0x20, 0x37, 0x98, 0xd3, 0xc0, 0x64, 0x2f, 0xb6, 0xe4, 0xb2, 0xfe, 0xe5,
- 0x6d, 0x02, 0x21, 0x00, 0xc0, 0xaf, 0x3a, 0x1f, 0xd9, 0xba, 0x5a, 0x6a,
- 0xc2, 0x80, 0x2e, 0x7b, 0x65, 0x3d, 0x8a, 0x76, 0xae, 0x4b, 0x5a, 0xff,
- 0x7a, 0x9a, 0x5e, 0xc2, 0xfa, 0x07, 0xfb, 0x2d, 0x0c, 0x16, 0x6a, 0x21,
- 0x02, 0x20, 0x06, 0xf3, 0xb9, 0xb7, 0x41, 0xc0, 0x75, 0xfe, 0x2a, 0xc0,
- 0x98, 0xff, 0x0d, 0x56, 0xcb, 0x75, 0x8e, 0x19, 0x58, 0x21, 0x30, 0x01,
- 0x73, 0xba, 0xe4, 0xb1, 0x2a, 0x0e, 0x45, 0xa8, 0x92, 0x65, 0x02, 0x20,
- 0x25, 0xcd, 0xbb, 0x3f, 0xa8, 0x7e, 0x11, 0x63, 0x44, 0xc9, 0xd5, 0x54,
- 0xcc, 0x66, 0x28, 0x96, 0x64, 0x57, 0xd0, 0x80, 0xb3, 0x53, 0x3a, 0x28,
- 0x52, 0xd9, 0xe2, 0x03, 0xd2, 0x8d, 0x4b, 0x41, 0x02, 0x20, 0x09, 0x30,
- 0xd9, 0xfd, 0xad, 0x31, 0x1a, 0x38, 0xb7, 0x71, 0x06, 0xed, 0x49, 0xa6,
- 0xe2, 0xec, 0x42, 0xc2, 0x8e, 0xe9, 0xec, 0xf7, 0x3e, 0xb7, 0x4a, 0x5e,
- 0x2e, 0xa2, 0x7a, 0x8d, 0xa4, 0x95};
- static const uint8_t kRSA512Public[] = {
- 0x30, 0x48, 0x02, 0x41, 0x00, 0xa5, 0x44, 0x8f, 0x3d, 0xa2, 0x0b,
- 0x20, 0xc6, 0xac, 0x10, 0xc1, 0x27, 0x11, 0xf0, 0x43, 0x5d, 0x05,
- 0xb7, 0x0f, 0x80, 0x3b, 0x9b, 0x85, 0xf1, 0x7a, 0x0e, 0xbd, 0x72,
- 0xed, 0x8a, 0xdc, 0xa1, 0xaa, 0xd4, 0x53, 0xcb, 0x65, 0x78, 0x4b,
- 0x30, 0x6b, 0x52, 0x51, 0xee, 0xcd, 0x2f, 0x90, 0x7b, 0xd1, 0x9c,
- 0xe9, 0x79, 0x98, 0x58, 0xe3, 0x47, 0x35, 0xa7, 0xcd, 0x6a, 0x71,
- 0x38, 0xb5, 0x0d, 0x02, 0x03, 0x01, 0x00, 0x01};
+TEST(RSATest, KeyLimits) {
+ auto read_private_key = [](const char *path) -> bssl::UniquePtr<RSA> {
+ std::string data = GetTestData(path);
+ bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(data.data(), data.size()));
+ if (!bio) {
+ return nullptr;
+ }
+ return bssl::UniquePtr<RSA>(
+ PEM_read_bio_RSAPrivateKey(bio.get(), nullptr, nullptr, nullptr));
+ };
+ auto read_public_key = [](const char *path) -> bssl::UniquePtr<RSA> {
+ std::string data = GetTestData(path);
+ bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(data.data(), data.size()));
+ if (!bio) {
+ return nullptr;
+ }
+ return bssl::UniquePtr<RSA>(
+ PEM_read_bio_RSA_PUBKEY(bio.get(), nullptr, nullptr, nullptr));
+ };
- bssl::UniquePtr<RSA> rsa(
- RSA_public_key_from_bytes(kRSA511Public, sizeof(kRSA511Public)));
- EXPECT_FALSE(rsa);
- rsa.reset(RSA_private_key_from_bytes(kRSA511Private, sizeof(kRSA511Private)));
- EXPECT_FALSE(rsa);
+ // We support RSA-512 through RSA-8192.
+ //
+ // TODO(crbug.com/boringssl/42290480): Raise this limit. 512-bit RSA was
+ // factored in 1999.
+ EXPECT_FALSE(read_private_key("crypto/rsa/test/rsa511.pem"));
+ EXPECT_FALSE(read_public_key("crypto/rsa/test/rsa511pub.pem"));
- rsa.reset(RSA_public_key_from_bytes(kRSA512Public, sizeof(kRSA512Public)));
- EXPECT_TRUE(rsa);
- rsa.reset(RSA_private_key_from_bytes(kRSA512Private, sizeof(kRSA512Private)));
- EXPECT_TRUE(rsa);
+ bssl::UniquePtr<RSA> rsa = read_private_key("crypto/rsa/test/rsa512.pem");
+ ASSERT_TRUE(rsa);
+ EXPECT_EQ(RSA_bits(rsa.get()), 512u);
+ rsa = read_public_key("crypto/rsa/test/rsa512pub.pem");
+ ASSERT_TRUE(rsa);
+ EXPECT_EQ(RSA_bits(rsa.get()), 512u);
+
+ rsa = read_private_key("crypto/rsa/test/rsa8192.pem");
+ ASSERT_TRUE(rsa);
+ EXPECT_EQ(RSA_bits(rsa.get()), 8192u);
+ rsa = read_public_key("crypto/rsa/test/rsa8192pub.pem");
+ ASSERT_TRUE(rsa);
+ EXPECT_EQ(RSA_bits(rsa.get()), 8192u);
+
+ EXPECT_FALSE(read_private_key("crypto/rsa/test/rsa8193.pem"));
+ EXPECT_FALSE(read_public_key("crypto/rsa/test/rsa8193pub.pem"));
}
#if !defined(BORINGSSL_SHARED_LIBRARY)
diff --git a/crypto/rsa/test/rsa511.pem b/crypto/rsa/test/rsa511.pem
new file mode 100644
index 0000000..fc5d71aa
--- /dev/null
+++ b/crypto/rsa/test/rsa511.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOAIBAAJATYW40539KYSwoyeOEfrlrlfbSwxaFqlqk96aWadopzn6jWcb+9rS
+lUIgWMnbKvWrD053rIItvUCvqfnu9yAb+wIDAQABAkAKjNNNgWfNubAsVBrCmame
+Y3iFqyWrhdzqSNYqs1zLvTDmI/ugvTEnAsPOUPxg28T4ToCPywtz8DvvVOvBPzdp
+AiEAwh25dNj3gE3pEM4yh03wbND2TvF/Dj0eHl45tLWhXK8CIGY8gTLtP2crIqyZ
+wI20M25KL2BRveKJTNmyXg/FW0B1AiAG+zSxTCBSn/qy3QeaMCZmc3l4S10rcO1F
+YFQo+KNOBwIgAykXrWVcMmpI9iECrN7HQD+W21lrj1dDQu+arM4jFgkCIQCm76vH
+LgDhqssyYLFMt2nZbihJtpdqQWsv5f4Eu8kFGw==
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/rsa/test/rsa511pub.pem b/crypto/rsa/test/rsa511pub.pem
new file mode 100644
index 0000000..204a813
--- /dev/null
+++ b/crypto/rsa/test/rsa511pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFswDQYJKoZIhvcNAQEBBQADSgAwRwJATYW40539KYSwoyeOEfrlrlfbSwxaFqlq
+k96aWadopzn6jWcb+9rSlUIgWMnbKvWrD053rIItvUCvqfnu9yAb+wIDAQAB
+-----END PUBLIC KEY-----
diff --git a/crypto/rsa/test/rsa512.pem b/crypto/rsa/test/rsa512.pem
new file mode 100644
index 0000000..17ed85a
--- /dev/null
+++ b/crypto/rsa/test/rsa512.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBANLjQBoscno3D27YpNv1I2baUkzvz8gKculrIWvH7vcylUPItquY
+0aWlVhvqQ+o/NytKAKWcJEdSDzQus9qF8xMCAwEAAQJBANH/4/xsWE7ld2PNLlWu
+hWNNcnkUsRcleIqB2NUIUikrEbjflzIr/kzLHXx7qMgdaz1CDQkBahnGUbg5mfw8
+3skCIQDwoouuravi2c6IzuWYWdItfnCF48ipSuSzOK4x1eyAXwIhAOBac62gFvFz
+5+1q66VrDK/RpbfcaJYNUBQIq1TPMjnNAiAI9JOsOYxnEeIM115WECmxRb5cTUDf
+hAkE3nwlIKf/kwIhAN2YGafFdsPX4p06vTOur2I9ZTxcBCUpUw3mnitvV0GFAiEA
+uARtcqqF5h71dNkzIU2lvd0pbpH/fKceViAoIoB/AP0=
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/rsa/test/rsa512pub.pem b/crypto/rsa/test/rsa512pub.pem
new file mode 100644
index 0000000..49f8e63
--- /dev/null
+++ b/crypto/rsa/test/rsa512pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLjQBoscno3D27YpNv1I2baUkzvz8gK
+culrIWvH7vcylUPItquY0aWlVhvqQ+o/NytKAKWcJEdSDzQus9qF8xMCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/crypto/rsa/test/rsa8192.pem b/crypto/rsa/test/rsa8192.pem
new file mode 100644
index 0000000..397ef6f
--- /dev/null
+++ b/crypto/rsa/test/rsa8192.pem
@@ -0,0 +1,99 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIISKQIBAAKCBAEArdfc7gqU0Jg02VccpxpKPZs2yEKzD1qTqtzuR9Go7F0k05zU
+XqljIAR0zrkbTBucjhIiu7pjB2w4HBP1eKjXX07t6bvP5QVcCFM9siC8R8vktOMh
+iU+kGnGZAEC7FDpv473X9qOxgduQpnrmwnwtd1Hmp9heuY+gACKEzOuEf59iQQI5
+CT3yLnlwuIzbZOe2KRrgBmICgKetmFMdaR6LAKpMqIAAQd3RQqg2iYyx8aaTg1di
+Zl731Ld/YCsrxFIvATNVyY6aBd6Il9r+qxhWzfqv2TkwUT4IaqQ508faN/M4YVhJ
++gCyUuxFeEobQilMfEaKLSgY6b9h+UNkA5F7wDMO8nUKu9QVJbI2RvZt34M4Duc9
+aLryQWKkSwFYOS9Ed46/pPRhc3dhIL9B5uPdQwABn7ndpDy+lPVZCX4xcrSHFy6M
+I63K/KhwhARFXXbQ/QLrzfCfaG21r84PUm+MceYSFO8QMCMNfcsgR6GvhHWemc44
+8dSPunkpCpTkO6XW1lPnccDjPySQP6oxZTjlbaAhjEGCMvWr62dc9O3IoiwvRBtw
+r//2PEjFdhc45iiPMI6abX5McawaFADNWutyzcmnExWNJkaLMcOCeYeGLPuOAZoX
+GTRy4Hv9tE0BKdm0iwmn6Okx5MoavT9JshQtwpDh9qQjwg0Lex1UOqITnM4LVcUY
+d53k55Ab4erix2fjTEFWlJWPdSJx1X0qoVKfwBP1fYyNgMNzv7DPOkC3Uhl4BhTA
+Q1u35dxWpD5R4LiKvTOJiPOd+ZChgPjJxk9IlMi/4WcPG7Sd28zbV3wUk4jckFpr
+fYZMndBcm2pB1ghFDCozG9qEUaUmZTCAKGqST+zhzaGD/aPT/gK9Hs1d1xT3zYTi
+d/1g3Ksb8dKAVybUDtc2p3Q6+JFr1wgZzucIwegItfdmJEdFn3MGkvsZCsIP7o6V
+wgfNzcXcjLdDEt1cJKTLJiJcWY1JYEokDjcNLkOPQM6JV957JcM0KYRf851tuOhF
+eX/h1jvJAMocX2KAmt0Le2gRkq8RhXOv0I7zNckLP1bqR27IWfbZS85wHofzSWPx
+0tR9mYwmMKSdq2hdVAlpQIADRbVRuy0poUWe+vpLUbTRyl0vTnVpl6VYkJtEwhI/
+dOojdphxN7haz7oGK180JXK1ZsQtPb9n1SDLYIbpY9Ydva7denI0epoykGKR4cxq
+PvFKxFLdWy71HuLJZpSE792Qb2+sntnyPLSqhBb2fVI/JBsS5JyPG59bekcQqK2+
+DSNiQAglk/8PClS3SO1EA9YLkI4/4jpX/xIXRh6clYV6tzdKmX+NO8jq3ceQvClc
+etSB30Vz3dMxMzaTQoJLjBwfmBu/8PJU88gvNQIDAQABAoIEAFt653igOtVV8yGX
+1K0eiYjHv9k8OCvRNznHjuBeNO1EypdMxPiXXGFB1xHdmL7BHO4qHvr4xxnl2dT0
+r8zx1HwD9fB0c58J5fc/jozI6ytA4TZK+5/dN/buZlwatBed9Lk8coQIeeVi3Eiv
+DfW0ENzkTWNv2dD+Am1vvMB1A0GBZtvcxpTVczb/ktCa1uzPfi09Rjw1oSmAkzpA
+Ko7hkrYj57kXuorupirUh/Z0AkOuq5uHBXHncbUPZsj9jsd9k9ym3fL1xplmFC0N
+AcyZPzyfOaAulv15jkZH62JFndCpfbbEFhGoAi7exGPbY2K6htQy7o16tzlyC6V2
+0A+MpDls5OWzr5VNsl8m26cWEJV44Kv/BXKyRb8goGIT8BAPjpD3nmO4cfuoC4WG
+/6/3oryaKUCbN0Yw7P1H6rWzIWRCGYCabwZrcxDntmXSNYpMdwddXSb/A3OZn+1G
+mwt/RcG+Fy/K6ZLbL0NN+8uWCt3CY1Z+jbq8Z3HyRiWaWkwFJfudJYLXxP26SOon
+rlycxyacCGtdIZ2dZ/21Y9ZDtruYUrsdUXxcToBErxxIdhmvqEIeGKebubBrp0F1
+dprsoXonLnM9eQx2PNNQFb3MElBjg8PWCWerEPSOauBRUVZriLVNvH01EZtaux1x
+S1+ZfMcRJMd8cpCv+qWrtmIwXe+6IrqL12GkQnKq2o2bVsgvq8qhvSvFBQgXcFrT
+2HgGw+Dt5ARplsU3KSgk6gQBxJlR7EqkFMKez/M6eq24ukLF0dBdCHwELTVjJ7/F
+wnkgHNATmyXSQHprdeqJnnpE0x9ivO0DP+RWh4bI8xtWbNmMlI0nfTDyvr4SdBvm
+drE6GTASg/lJFNGXG8n3Q9bAz1LQVmbVA+cp5GtwlH04c0UJ7jSGMkiF9ptqsAvd
+JS4KCTThgopHVNKbtFmefgEavL3DaYF1HdLOXlIEq//xgz6Gw1QckISXuuQSsviU
+pVyxURQWoXVG7/DqPU2dQGJa9w5UZrnLl8E5RoA66qd6ACExA4fvQxq/+zuN+oyZ
+OdwgoKkAQ+bLnFN30G+K6MuHE3TQE1QRfSGJD5TiwTr+YDeMPF4durClsSmzjYEG
+dzL+JLPXV37FzNbKB+S8fqW45Je2V/qrvvQaaJUmqcUM+dBfPS7NWWqW6I4u8gVc
+aVSxfOLETgcxW+TyUpAxoYfxxcNKzJyn6XYdVWm+12FnxC0H3jJMAnf6KPRmjOYG
+wxW40RqbBbcWsDCd/Q+nFide7I48NNewGvxPFsWnWvZk16YxibMGfLNUZokXfRoJ
+PdpYdsfw9980tHKNH+fIJuF8kD9Dx8ijkmHVy0kf8/UxKgkwp3gIrpQBb8zfje7+
+m0VkUnUCggIBAOTof2wkwAsp1aFmEIXzMD6PEc7Q0Fn5URdZUyiNSY+v9/wZpJHS
+9Yi+EMmokFDV++OyzMvKnkD+QUDow3yPbPzHD1ckwLeZTXMrx+8v+0CC6rt9ye/8
+wfj1BZHhGx6UzN3GFUKyhHCXTJloFPSyILUVxh/CVgY6HJlC98cKvwgupkFWvb21
+TfFDEfhUoc+7TmSV+aLJJ8KZQO4JCD1w5jtO3NFWIvzuwhv6GvTLLTulvkEqrplU
+D2pYzLFu48DLyUc0mLnD4aPK49l/OunfRCEe6F+QJ7QTGHghfeXKG9LgQKg2Dauq
+iYq6rWapfjRZG1MN1xHNgF6aPm3YVBFJLkNxKLhZlVs/BqJzqbqn6Sm4G/ZghvAz
+PedNmPrT13BCfJhVonox57eR/ez39bI2y5VuOTx/FjG9LuwW98EgDLCTHv2Hpzbw
+qLqBVfM1zSm9XHTvbc4rFWpEzs0qUlX3ucMBI/Ss4cuAAWD+VCDXKhu8irzpyCQC
+3ToXTpp3CiUNf1jNGXfiyhW2l7YmC/rkrioNLA7dJ+y8gvhW9wl0AK9FZAnLHhYh
+bj77GhU8gCguPnrWjzkTREmLBpck3rl0wfrKk8zIzKXJJAgLeU7tD4g8QTUof77A
+jDgd+AWRYDC09rIn1JHgscIlQ6IiCrJqy8cYdHS7QtfiPD1LZubou2IvAoICAQDC
+av8YT6mZSXklbx+JFN58J50ruNtj/QzcbJbGwuY6FlisVDWTRk/sVTN67b6PICWk
+zOXuHL3U1g3vgmaTZ31UU8jmw75v+yR2lvK8UvtNx1JOOTAWy2x4J7YvHmQCR1kY
+XVASbif6YEk1wkaQqxNlGoECGkQR4w7itFNxG1kj5eDobOAmu7DYaV4oIfzknM5p
+iPrCpasfx2WyQcz/LrFYGU/d2xaIPJbGOFNNAFi//JKZBnEXgUFBJeSQKFMDO6ra
+wg/Q2Ae0zD++PHC8wnxJ/P/1UAl2eaYi0q0NRWpK8byyxPGYzKI0VU09BSHex6Mf
+JJSs7AO7IkP81HiwWHJVySGubbdSNw4jBenjbCJ7TmnypkRXHKFD7bi7hl+/Kw0/
+Q1M9ivN9lod10WTZwmr4+f7vLZ/QwD6qjZc4d3GSWiNyQ/XWy32cAwETrugtZTxV
+tJxPQxh0OPESpqo1Wd4W+4GvGYxTO/01ZqHLdM0ZAIFHVG53soDg8W5HqG1d6uzn
+RIO/9uV25zupI7LeoyNTMc/QidDSw7oL/sGylZ47qrBl+ymLCZeT72rXpsXMGZ4h
+UtnMhiy4GPT98CnMZd78rymNP7SAL8iI0D3PmLEvmM5BP2VU0V7Thy0CBekB7VeI
+BAQvF8NDzmG3r1Gke2t31x9JSDoKn6GBuNzpPoCf2wKCAgEAoSTrTv4wE6vHsG9h
+gmrIs8GUD7wAcNaKt50yZYHRH04JjXef2uhf4Xur5cq8jauWP51Hfs+MyMQ0u7Ug
+qTduyiR4MCi3YoiRdVqEzWVBwxBmnsbWuhN9mf0jhqapqMWn0xf3L5TslzZrvjL/
+TaN4UwKZDxKH7KpMJ7h1JbHy+ZedgrHFsR9JV2aX5/HsV4jMjxLlQivJybyJcQj6
+vAYWjfneiZ/R0a1jCL7w6xN9LFhprwaVE2uRzpPkxaQCwV60u2PTgDLdTaku7ZYb
+qzh5hbd0bpHU4Xfv6eHp9zJok/M6kTA8P3U2jmsMVxFKvx9blQRROz8n93EuMbXw
+uJqD7wZiXCT0d9/Ok95IxhYeljf9t1wMolvwYDzITQuExoqHm9XtI4iuTxR/ZarJ
+VEQu3WtS77unrCw6NAmXMGWXiVaIooI0vQB+R411LFnbrF6aD9fdvR2nXcBCtTvt
+6ocSRq0u2rg53ECot9dS8iuGgTAhmwwY0QETLCnsM+FJSvxNgf4gx7zn9pEsDBaM
+qHsEAKZ1NaGK0aWDrb/K+OSo9roqypoq+/lc2wl6Oyj0L1UetusEuHFPyVYNtalH
+AdeoFx01HxzctHj83Iz3QRCxtn50iS+Rfn+eNoMibwkAZkl+wbw4cNl1Se9hxWmh
+jiiQfABDO0n4rHGfZqcGMdf00hECggIBAK9DVYPNDM8q9RNSAdPKBGdYLs/jbaPN
+03JCUgoMWQ+0ZWu03jdOA27BwA7plAfiqwzNydnF/zuHXDi2DVKE0O7cORgPDfZV
+KKHfoiMzi2iqbwAlfbyO1dHbutjvRKjpOOBF/pEezNthQZ487PAtyOYz5mjG1OZr
+Elg8x5wHU2yRJxdgTxGb0ejF1CPJv/k3gryQx74BKysSzhLMTskchrMs3lrZzo4y
+UJmQ3UdlMJyiTGW28OyHkRPx3QI3193qRDPBDhDvLsNF/ZC5W8hOa00nznaPGHi9
+YY+y7F4yXYgCNGHUORfOIcubum1v2wDCZ8MDbyQT/6kLUs7xm3sdwLSlBMACGGj9
+SLk584cZTFxsbAZa7PC61oYuH4KtuFLVtLN7NecdBDQLJ0KG6auFIHoipDdpodDF
+/bgyvEgjJTcSGzI/Ibfo6etiqe3cl2GVCbcZgm/RxJHBY1G0/Wvq/9MoF9iJ536B
+bdpeEy0etmX7lo9/BbbSLGycORZQN4ea6MXzdfHv2Rw/iAEKNY2O86FkHjuYga/+
+0hFOL7+WMXcIgMzuhpzYoNSz2FVf+p/r2CmiTsWZj2bG2NSzVHr2uvZ/0a2L6GRG
+rzjmwVIMDG8kCYu4Ytj7hcia63APc+ZQ17++Hyd0/Ip72ouEeM0WleMLAyFFA03g
+afBPfpalyb5RAoICAD/ncTlq8LfGiJXZyySqWsIdxZf/29mjApbe7SGZj9Vy3I2E
+RC0A80v6ChOZb9VPwawVYIprkfP4K+Knz7W3z7TO1fgAxA5N3FRYksAIZOto8UUX
+cRl6n+hCtbuV3ntWWNtLA8g4KqPZYzJo0dlZxF2hVKBkrmN5fhXMKNMwHbxOn/32
+gmOKt8nzHCz1eru573VjMtQrxQpV/5E6Mkg/pkHRYs7nWd89wYcw3J1iKJhohkk3
+Gs7c5PLf7wYfMyyRCcNr0Npli5jBzvIHbvJNlF17rhyNwjOPW4+ZE8RXZyKCiV01
+t5eblKegWyKFNKoxvSsY69YFFP/imYjOqcJf8Ac9N8YBPYioyBGDck9T41cToXLZ
+FDKZoZ/MB1j0WENXXLdLffOyWJnjFYbezy6mWDFQR7y1OJq9HuDGcD4ltr0Ob2/N
+IvHJQ5Cc09yh5FD7t4JemfvynF/TfCuUAJTMe3NhVzsCtYBykJ5UhBUEhly5Kgtb
+CsMqBdD0JlX63fmTxUHmKoaS72uWj9aBClTTqMKPVcQtFeVV9ZZ3zy8sYAjsZGVa
+qvC+cMu7b0up6jsYzIXX1N9eUbg86JG+0NoxZSst9jD4FH2tWxGrvEpI8ccF5TWD
+fFTCeKZtiIw797IQTLVOBEhq045A+fMa52hg4AT1a3RcNCi8qgBSqvbZ2jGr
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/rsa/test/rsa8192pub.pem b/crypto/rsa/test/rsa8192pub.pem
new file mode 100644
index 0000000..eec24a6
--- /dev/null
+++ b/crypto/rsa/test/rsa8192pub.pem
@@ -0,0 +1,25 @@
+-----BEGIN PUBLIC KEY-----
+MIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKCBAEArdfc7gqU0Jg02VccpxpK
+PZs2yEKzD1qTqtzuR9Go7F0k05zUXqljIAR0zrkbTBucjhIiu7pjB2w4HBP1eKjX
+X07t6bvP5QVcCFM9siC8R8vktOMhiU+kGnGZAEC7FDpv473X9qOxgduQpnrmwnwt
+d1Hmp9heuY+gACKEzOuEf59iQQI5CT3yLnlwuIzbZOe2KRrgBmICgKetmFMdaR6L
+AKpMqIAAQd3RQqg2iYyx8aaTg1diZl731Ld/YCsrxFIvATNVyY6aBd6Il9r+qxhW
+zfqv2TkwUT4IaqQ508faN/M4YVhJ+gCyUuxFeEobQilMfEaKLSgY6b9h+UNkA5F7
+wDMO8nUKu9QVJbI2RvZt34M4Duc9aLryQWKkSwFYOS9Ed46/pPRhc3dhIL9B5uPd
+QwABn7ndpDy+lPVZCX4xcrSHFy6MI63K/KhwhARFXXbQ/QLrzfCfaG21r84PUm+M
+ceYSFO8QMCMNfcsgR6GvhHWemc448dSPunkpCpTkO6XW1lPnccDjPySQP6oxZTjl
+baAhjEGCMvWr62dc9O3IoiwvRBtwr//2PEjFdhc45iiPMI6abX5McawaFADNWuty
+zcmnExWNJkaLMcOCeYeGLPuOAZoXGTRy4Hv9tE0BKdm0iwmn6Okx5MoavT9JshQt
+wpDh9qQjwg0Lex1UOqITnM4LVcUYd53k55Ab4erix2fjTEFWlJWPdSJx1X0qoVKf
+wBP1fYyNgMNzv7DPOkC3Uhl4BhTAQ1u35dxWpD5R4LiKvTOJiPOd+ZChgPjJxk9I
+lMi/4WcPG7Sd28zbV3wUk4jckFprfYZMndBcm2pB1ghFDCozG9qEUaUmZTCAKGqS
+T+zhzaGD/aPT/gK9Hs1d1xT3zYTid/1g3Ksb8dKAVybUDtc2p3Q6+JFr1wgZzucI
+wegItfdmJEdFn3MGkvsZCsIP7o6VwgfNzcXcjLdDEt1cJKTLJiJcWY1JYEokDjcN
+LkOPQM6JV957JcM0KYRf851tuOhFeX/h1jvJAMocX2KAmt0Le2gRkq8RhXOv0I7z
+NckLP1bqR27IWfbZS85wHofzSWPx0tR9mYwmMKSdq2hdVAlpQIADRbVRuy0poUWe
++vpLUbTRyl0vTnVpl6VYkJtEwhI/dOojdphxN7haz7oGK180JXK1ZsQtPb9n1SDL
+YIbpY9Ydva7denI0epoykGKR4cxqPvFKxFLdWy71HuLJZpSE792Qb2+sntnyPLSq
+hBb2fVI/JBsS5JyPG59bekcQqK2+DSNiQAglk/8PClS3SO1EA9YLkI4/4jpX/xIX
+Rh6clYV6tzdKmX+NO8jq3ceQvClcetSB30Vz3dMxMzaTQoJLjBwfmBu/8PJU88gv
+NQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/crypto/rsa/test/rsa8193.pem b/crypto/rsa/test/rsa8193.pem
new file mode 100644
index 0000000..7b9d085
--- /dev/null
+++ b/crypto/rsa/test/rsa8193.pem
@@ -0,0 +1,99 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIISKgIBAAKCBAEBeaDZhOt3skLqjWcZLNFT+9klhXTS6wSwPhz8dBfyovOgm0YF
+/jyqb8TfrwbrD4+KpOHqiSigqyrHgBAwCxS5Nb7yEfP35Fx5fBRlxwy+t4hiyJrv
+kIGerlIvXGl0AErm7Le/wOk6pCtEuCxD3U3gFB5EbOyW6a6pgN7YTV+uiUieWQKe
+iZiJwjYOlqhszJuCSFswAsZCn0665w6d79qBsoYSfnhGmsbTgmNgM0DOWejIwdR9
+1ocnHnXCQqsOo1UBU9koWFdNvfwTWDvtZCLlfAh7Q6jg6BydknIkuenvH1oeqSpt
+yfm/7SDS1J0qyxZbijdD7bW3Wd5aN5Rgq4otpd6EuOtTUMtnmJzRGhNiaSTs0W0t
+8FHYTKiSai5TOEt4NWyRI6evqShxLzmZQ614cZ/8qlY1ab0144akLpyzd+rVzF5x
+tU03IZKC2dElajaopSqCOt20dxNJgBDUhJnjePzB9MhF59YfbQ8Bv789csekQbNW
+IIUkG2TzGWxT5x313SgPDtYdxdUPJz0ZKjDvBcq4PAYkqZ//vmSWZBxBbvm+tE3J
+bPcSwBkLF9XHTeUO1DkhFi8t1/9YXS/rMYCs3hazjBHvUY++8+t7nysmeYtlxc2V
+OgoLkSv7tBvTufMnzYywdNSM55/K86SOwB8YHI18nJcbehkimBNqDPTUmsVGeYFP
+oT0c5RAOuMj5aNTq5hPBhz/Xjy2pn26cHoe+JQV0S2vmuNk8rj+ZK+QfRegMjTY8
+BGI5R0XQOXhfzwJ6K2UBIds29fHfEfQ5dknSbXeDy1QILYQYRxr80uWkdVvUeKX/
+zvkK6e7oQYWvBBC+B51OF403UlwPksa7dXoskfTkN/5zbUu4jm7H517+fQpDeicF
+G7N8X1DOEnMltzs4vIeymiQYf1CbmvywV9i67am1oKZiErc0gGueBoKQer0PuUPM
+kN57FTEEGHKGBBLhQopGUCa1r9w8ueUaI1kNhJyWds+nnlpIm9vHyvvwHfuB+rip
+mLsX7rXSZIhBmxAZe0+ZGHPiWend5STtvEXSiKN03i3kYejH4UvVveDilaQ6Y76L
+tuPleLvEYwjDs/MQH1C6W/uM5MtIaAIjOOgfGQ5SCydDPsYfB/SZXk4kSWqmr/ft
+lh/HASJDfmTO6xE0dDeShNDezNVq3KSLEPy/2Hxgs6EQ/m0evO1SGISN9+IIbwjK
+JycN7BSJfRYfC8cXb9mk0BoH7BO/YVhwil/UK/gC/yHZEdOQH+j6YiljbKodSR5+
+frRUOdh22wA3KAwflTqlSD9pkdMgmTrwHVIeXDJo50rkOsCvxUgnHfxaXkgtqhKb
+5GMBmxTrHM7cB0+eUOSRtxpMsU71gBQIfwLLwQIDAQABAoIEAQFARdKWMBrJfoVt
+vhYU88iV3fo7sPQ9zTEozO60C6eG2rfJWV812//1YXUQ/f4YqXY+FzkScPmrklG3
+ZINKsp3OXo7x+Qeyj1edi7MyWbXa9PpLB1TNK5IIaL2wU+PFZ8Fo3QLtuyE4IVZc
+GXbJWAYHKhCAjTwFH1S1bsrm/JKL7qIV/em160BTDgPbdScpdW7OrUAP6lSQxnYw
+By6eQaUkYx+GUb4YAS9b86qgbYNVr9+svOqpKuFbrSY/4tI8ZpkEozXbjtfpnMRP
+XiwddJdLVeotXSq60aI2lUZew3BCF+3PLaQF3CMSG3eUSWQE8IZcuDiNgEPsHXBI
+mThP5JaIiivopfV4nbrULZQO2IfrgxyzFjUTEGcxxPrAwV9lbGSccuK56btK7Xjp
+Q6GgS5zOSZFCanFMp+Pvf775pX904h/IAAXSbZWnjJob4I0qAwePZXkkMeqf3yTE
+UAHeIKJTd5OMZtsbIHhwx3yFQs377iR6cH5IgIM6FKk1U7HpX3ipxBLZU3HW2rfK
+YMBaDzx5nhAZIGCx2HhP4wHGEEzSsVAznZGLMBWgBN1qrq4le3LTPUy5gvQPsIoi
+JsUDrA1xIrHOx1tAwniCaaLkQPWVuktrssuweNqMmlAU1lEA8aA9begufiKvQ9Ae
+Sd+kQ/rwJHOeX243ZN/5OOYF7RPv2dfVvw0WeXKCJVgouEuW2xH47N5jTkFSPU/h
+DJezrTJqwntKsw0JBEFKwyBmEcjKXN+mOF7Xg+qOY/xGVQU4Yk38/w9tyuBACpDG
+76r7cE2T4a4awwF9h1qvV8POUSK2AE6G6+v/UW3DRlyDy/xLn/qjMSiF6FSyKgu/
+hxcIxQxX42z7PLSAzjeNQ19QvxU+yyR4F87OCudJJSC1JlIesTx9jQnJC135h002
+CRYemJ7NlRs69HS0Ut00cuhDcdwgEyZo2E2aiIGRi7WRPBFo6cIgDTuqgckwt++0
+BocQX2j2Qg0lGVollAnjzNoRBKzMJhr4s62awzvhK1SkCTuJPFbUXBKC+Ij+KftW
+Rh/VnazKtBAzpGwgqeYzEsHfeH1lvkebzZvlG6EUvXD3Y6SnWUYhU8XGkMkcyZwP
+z1RCCuPutXTKMstKrQy3d+v+9e8oL8dmLrfn1jHJPOzxLxDpvgBCBLkIuyzERuVV
+kyfmYeAdgFK4/0q1G5CaUkgLrj604kle1EhQp2OjSbecBm72ze7lolUZHTloxxSB
+mcAyhrDotCuyS8KYLh7zypNn4UxPyTGQhUWKT8eyCALhbJzi07s2MY8d+fnwBqUE
+WzKLcEWcDNKnuqQ3JePW7bQpHQMjZJAqQLohqBjwbI4vx3CCGsqALNvcnijWcR88
+K5AqcXktAoICAQG2oc0dLLo+O7mXpoIH20Q8b1chu12cLyR8kpvJaNFOjZ6cxzYe
+nOqRIbaB4Gvc0KMO4yFw+E2c5Hb0AlSXqSJd0NEfo8rwgjbSlIWOMZ2Q8OLKut4w
+ZgpZaPL+9pIGIvv8gaNXniO/1wfh06esFHjjYW/25g3l2hCAf0kOR2AahL1aht/Z
+2bsdGvjHUvZ0UlN4uNPPYRkL7lMMMuJR6Jj8vhe+gnbJtgs0lDljboMyqJCGKAT9
+JgK0iR7AHu8dPo+HFwjYhc8GkWZow89tO0+hqfd4fnQAtTqJe2U3TTSAMcPB5Fhv
+e++eelzb1DParimKwAHJzg41ul18MCcG9nG6iaaAkL8sRCxgGS8SyHgT/bRoQLz3
+o8E9VekI3rzZWVsCd/dSmia1+JG4t1wrRZZR0737yLNA7P860IHrgUMuDBKEdITY
+eYnfx5i73PReg5qSJK9RwzoJx3PgAQZSxY9lfM/6wmugOXRrlfcbpkYfHxPE4H/T
+RzJE57neD/buFUCkTpcfU2nf4KmhZfNESd+zjGFIC5D9wc5tw+trBbqFIsek+Rq8
+524Z5VGFAwZDC13YwRFYyhCBJ9HMHyN7Wl6IbJ5plWhYEkD8WzLYFxjUnyamSmIF
+C+sFK90d2SQqmiEN18vYf824gH2qBxkn85xY730K9dAs/5XM9oCfzIlmewKCAgEA
+3GVvtyANtsqlpAcPYh7tkg9x6KA90+Q1QJFHA0otu6MBBwhqdDcsgCPSiteii5+7
+MTAtQ1loOjyPQuTaP7cegLc9cXfTdgU3lqLpYTUsXSznw6HlELxZTnUPizSSlUs+
+oRm2YvYEH7eHZb1DVRcLZ+pGEMDKk95MoLj+aJQWBYUN6qFPPNCVMo7bLG4mwGeJ
+Ewp7KRBZckKqOoOub7Og8/+JIHfgRR+29THCtKEV1oB3cnKHgJ6vo228Z6yMZpe4
+UNg3HogiB5DvVRDhHVIqHMz1ErHALOxw2ZPoNJDHRCK1OL3I7HehhD/fKd/vC16X
+MjYOEq2mmmGFivT20zJBJDjuEl4QuX/IU4wXNZ4D3nCyFW+y45c/8WUhiGW0XcSU
+gbDF9Tmlj9nHr+SijzJYbPI1c01qY8ptZ/j9CX4as22PK4+EEoI/g+zLU4XdVtH7
+PzwWcCiznLiBejWSBcaR1O9zXpFnRyK6oYdsKSPllLX2Jppa4hG2c5O40J9aPvPd
+dmDxtdutDviknecNXBI/IXBsNrVj5GJk1aAtzLlDFcVmyWPafq/blGM3X3lSdpby
+mz/Vl77LSUuujiKH4YNZGlWqH2TZ12WoCEpIJ8OFGRm78cEse+44bn7TpnVjVWXR
+2x+NQImzGtnMwZG08l8ZZnH0qf7v5BWMRb7db2vm//MCggIBAS2kVZcjpCyaDAaj
+Jjba7jEVbHkxDa4TqWbVt7apk48Oyy4LvUcOKC2IXqcwO10OSaQ6REwZJd6oKrmh
+RKVLVevoZ3f3vt7o3WSxaKshqbb8QSqjmZr1AVb9WmZGEKORuXKrgDYH9ZO+/5eo
+Y11ucrgD0Oicyp/v93s2jXn5UbjK4iD4Mcbx+cCJRN5mSkAyQV761AaAQqY2zfvM
+nmEvsM3WuCN2OtR6kXgmGtUrMaRL0Z/As7WXRzL6PSBn5Y5Z8IA5Mgcc9gMRSLjx
+N5tpt1h4t0uwwnueJdRX/IIsYNdr4bBcJQj91QpKIcO3SbWwIbdeVZx/TLxcHmAC
+CUS7g/iBIvS1FhMOCupHR10GabVtunwbURiID6Lriqdj7cEWtwSalYXDpq1rdGLw
+Db1gTICXOcaF/ee/U8IRk9bt/NIU0UMvkhAAfPVcoMdIqvC4Vjr8aWiz9hy1ghVg
+/wU7AWMMk0ZiH3t/J3W5Gsdz8DMEvyacMKuOAZ7rMKHqnqiaCuszdK/BQEUKjf0F
+TGcA2oryFhBii+JGPnyzyBjARsW55kuoV1/jU48RaZ8sNkky7uXZ1+EUjIcVaCyU
+mWUB/5KYB9SaP7iZTQF+gheiwputmvmum3vW91eGE7isFDgL6IFJjtCjC0k/a6va
+18zmtfVfNMGty+y2E0Fxn4DFOxQzAoICAB/Oe8rf01rX8AO2CSBN+lcj53p89a9I
+te61iJwO7n6vzYwoSMSw2bk8cjwbVpfz214D5+RaWNJevwYWZPDhCoPk7fccJeZY
+ZmdU531h4R8pReFT0e0SYYkTF8UtNyJYk5dIUKwDeSDiqaWjJL547up2QtpUGGgy
+orhnOj/5bxwo0ZNU6EyMhZugRj0pQGpwBrY6wv9wHpiAynRbYKc6MzZDYJTQ+ArB
+wvOr1L+gp7gnHhXkNW34eLyLL69+lVyQ9MamDX5YgyC4Z/HM19AVdYJmic/C20sg
+bEDaOZ6sbjWFFMY1jXOi6Cpf1WMDsEnhwsw6RNmpOev5uv4M0Do2fHQvyxvXe25p
+5I06IHdacJB/jxPM5PI3d8DsqWQ32UnW/t+glVEImr4h3dGim1szFtPSOKiFOZ9h
+LVzd8BaYnl3ap9jPg23wYh415DoPjZvj/fBoSYyyMwmhDv6GEKbIu28Rh4LUVSVM
++8Yn9xIQ3icSA44apJcPm1cesINbG/kN1J4q63clVtpcQ9WN7L2m3HmE8fkLQHlL
+QeYakcGD0wynSmgyAuxZkMTfdLRQm/gFXMnO8pJNtKTFSVG15gpDnG5SgpS5Rz7w
+qslXfwZODz1KG3eOO08/V+GKaB0Tv9wpL5oB+a6gsLplSEl/L6/yzYWdWIPYCOLP
+wUinfOmBlvrFAoICAQEKJzfms84mnWw9nhjZkSqNuHG7jHI1rXOPe0+ak72k6fIA
+cQ2sLZUlmlZuNfp9Y5TSaMQHp8owMw048O0kv2ghrmjtrqpe/cd7d6ltUEWE4Di7
++2q8m9u/quSAs6O4ITR5Htw5oHHxHNzSpSzFXrp37gMekjNEGaSMyn22oR53uQp7
+AGywnsmb+Kxkl56dPwZmKm/Gp4ESgfLSV5jKl7CFqwpvNp7iV2nspqz0gleSM2iB
+wMCVFIlA1v3yYag+rDW/o7nDB9NPvKAeb/C+CDyAbWwz89QEV0jMAIsk2R4fpTHD
+HySUuCKwjc0aqvI3xVnAvZoJNPnLtPoS9H5vaNNj5stsBl8Y6QK+knuWzej5sCZV
+ulSJLHQOGdA0MDfTE4pz9EQ3jCr3h5G8ZURUrXjnPKwFFWVp1qV+4Ayh+rcxqF7l
+ewSP5Tlj7HguOqBkqHDoPsxB+yto1NeYQ/aNARYaC3ojNQReTm/4SHl74zq9SjMW
+1rxIxZBoEH1NO93Dq0GLQyrOOvHLp3JRrNbIsYWON5g7mTV7m7dr2y3UUwRbOqKo
+NViTsG9Q6p5BEey0A06V0jpjMEuc/KLq/dv8rvEKOq219oztnnp5sw2bTqgxqOHC
+DsjiyAkM1hDmiHVxIPv114eJXv96a41DGKcdRXLqQiHlWcTtCCl/xS/oQom+qg==
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/rsa/test/rsa8193pub.pem b/crypto/rsa/test/rsa8193pub.pem
new file mode 100644
index 0000000..864137f
--- /dev/null
+++ b/crypto/rsa/test/rsa8193pub.pem
@@ -0,0 +1,25 @@
+-----BEGIN PUBLIC KEY-----
+MIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKCBAEBeaDZhOt3skLqjWcZLNFT
++9klhXTS6wSwPhz8dBfyovOgm0YF/jyqb8TfrwbrD4+KpOHqiSigqyrHgBAwCxS5
+Nb7yEfP35Fx5fBRlxwy+t4hiyJrvkIGerlIvXGl0AErm7Le/wOk6pCtEuCxD3U3g
+FB5EbOyW6a6pgN7YTV+uiUieWQKeiZiJwjYOlqhszJuCSFswAsZCn0665w6d79qB
+soYSfnhGmsbTgmNgM0DOWejIwdR91ocnHnXCQqsOo1UBU9koWFdNvfwTWDvtZCLl
+fAh7Q6jg6BydknIkuenvH1oeqSptyfm/7SDS1J0qyxZbijdD7bW3Wd5aN5Rgq4ot
+pd6EuOtTUMtnmJzRGhNiaSTs0W0t8FHYTKiSai5TOEt4NWyRI6evqShxLzmZQ614
+cZ/8qlY1ab0144akLpyzd+rVzF5xtU03IZKC2dElajaopSqCOt20dxNJgBDUhJnj
+ePzB9MhF59YfbQ8Bv789csekQbNWIIUkG2TzGWxT5x313SgPDtYdxdUPJz0ZKjDv
+Bcq4PAYkqZ//vmSWZBxBbvm+tE3JbPcSwBkLF9XHTeUO1DkhFi8t1/9YXS/rMYCs
+3hazjBHvUY++8+t7nysmeYtlxc2VOgoLkSv7tBvTufMnzYywdNSM55/K86SOwB8Y
+HI18nJcbehkimBNqDPTUmsVGeYFPoT0c5RAOuMj5aNTq5hPBhz/Xjy2pn26cHoe+
+JQV0S2vmuNk8rj+ZK+QfRegMjTY8BGI5R0XQOXhfzwJ6K2UBIds29fHfEfQ5dknS
+bXeDy1QILYQYRxr80uWkdVvUeKX/zvkK6e7oQYWvBBC+B51OF403UlwPksa7dXos
+kfTkN/5zbUu4jm7H517+fQpDeicFG7N8X1DOEnMltzs4vIeymiQYf1CbmvywV9i6
+7am1oKZiErc0gGueBoKQer0PuUPMkN57FTEEGHKGBBLhQopGUCa1r9w8ueUaI1kN
+hJyWds+nnlpIm9vHyvvwHfuB+ripmLsX7rXSZIhBmxAZe0+ZGHPiWend5STtvEXS
+iKN03i3kYejH4UvVveDilaQ6Y76LtuPleLvEYwjDs/MQH1C6W/uM5MtIaAIjOOgf
+GQ5SCydDPsYfB/SZXk4kSWqmr/ftlh/HASJDfmTO6xE0dDeShNDezNVq3KSLEPy/
+2Hxgs6EQ/m0evO1SGISN9+IIbwjKJycN7BSJfRYfC8cXb9mk0BoH7BO/YVhwil/U
+K/gC/yHZEdOQH+j6YiljbKodSR5+frRUOdh22wA3KAwflTqlSD9pkdMgmTrwHVIe
+XDJo50rkOsCvxUgnHfxaXkgtqhKb5GMBmxTrHM7cB0+eUOSRtxpMsU71gBQIfwLL
+wQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/gen/sources.bzl b/gen/sources.bzl
index 57bd217..2ba9852 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -894,6 +894,14 @@
"crypto/pkcs8/test/unicode_password.p12",
"crypto/pkcs8/test/windows.p12",
"crypto/poly1305/poly1305_tests.txt",
+ "crypto/rsa/test/rsa511.pem",
+ "crypto/rsa/test/rsa511pub.pem",
+ "crypto/rsa/test/rsa512.pem",
+ "crypto/rsa/test/rsa512pub.pem",
+ "crypto/rsa/test/rsa8192.pem",
+ "crypto/rsa/test/rsa8192pub.pem",
+ "crypto/rsa/test/rsa8193.pem",
+ "crypto/rsa/test/rsa8193pub.pem",
"crypto/siphash/siphash_tests.txt",
"crypto/slhdsa/slhdsa_keygen.txt",
"crypto/slhdsa/slhdsa_prehash.txt",
diff --git a/gen/sources.cmake b/gen/sources.cmake
index 5adf810..9c18057 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -920,6 +920,14 @@
crypto/pkcs8/test/unicode_password.p12
crypto/pkcs8/test/windows.p12
crypto/poly1305/poly1305_tests.txt
+ crypto/rsa/test/rsa511.pem
+ crypto/rsa/test/rsa511pub.pem
+ crypto/rsa/test/rsa512.pem
+ crypto/rsa/test/rsa512pub.pem
+ crypto/rsa/test/rsa8192.pem
+ crypto/rsa/test/rsa8192pub.pem
+ crypto/rsa/test/rsa8193.pem
+ crypto/rsa/test/rsa8193pub.pem
crypto/siphash/siphash_tests.txt
crypto/slhdsa/slhdsa_keygen.txt
crypto/slhdsa/slhdsa_prehash.txt
diff --git a/gen/sources.gni b/gen/sources.gni
index 37761d8..3c57bc8 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -894,6 +894,14 @@
"crypto/pkcs8/test/unicode_password.p12",
"crypto/pkcs8/test/windows.p12",
"crypto/poly1305/poly1305_tests.txt",
+ "crypto/rsa/test/rsa511.pem",
+ "crypto/rsa/test/rsa511pub.pem",
+ "crypto/rsa/test/rsa512.pem",
+ "crypto/rsa/test/rsa512pub.pem",
+ "crypto/rsa/test/rsa8192.pem",
+ "crypto/rsa/test/rsa8192pub.pem",
+ "crypto/rsa/test/rsa8193.pem",
+ "crypto/rsa/test/rsa8193pub.pem",
"crypto/siphash/siphash_tests.txt",
"crypto/slhdsa/slhdsa_keygen.txt",
"crypto/slhdsa/slhdsa_prehash.txt",
diff --git a/gen/sources.json b/gen/sources.json
index da10b20..bdd4102 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -874,6 +874,14 @@
"crypto/pkcs8/test/unicode_password.p12",
"crypto/pkcs8/test/windows.p12",
"crypto/poly1305/poly1305_tests.txt",
+ "crypto/rsa/test/rsa511.pem",
+ "crypto/rsa/test/rsa511pub.pem",
+ "crypto/rsa/test/rsa512.pem",
+ "crypto/rsa/test/rsa512pub.pem",
+ "crypto/rsa/test/rsa8192.pem",
+ "crypto/rsa/test/rsa8192pub.pem",
+ "crypto/rsa/test/rsa8193.pem",
+ "crypto/rsa/test/rsa8193pub.pem",
"crypto/siphash/siphash_tests.txt",
"crypto/slhdsa/slhdsa_keygen.txt",
"crypto/slhdsa/slhdsa_prehash.txt",
diff --git a/gen/sources.mk b/gen/sources.mk
index 2d9339c..e683dc9 100644
--- a/gen/sources.mk
+++ b/gen/sources.mk
@@ -882,6 +882,14 @@
crypto/pkcs8/test/unicode_password.p12 \
crypto/pkcs8/test/windows.p12 \
crypto/poly1305/poly1305_tests.txt \
+ crypto/rsa/test/rsa511.pem \
+ crypto/rsa/test/rsa511pub.pem \
+ crypto/rsa/test/rsa512.pem \
+ crypto/rsa/test/rsa512pub.pem \
+ crypto/rsa/test/rsa8192.pem \
+ crypto/rsa/test/rsa8192pub.pem \
+ crypto/rsa/test/rsa8193.pem \
+ crypto/rsa/test/rsa8193pub.pem \
crypto/siphash/siphash_tests.txt \
crypto/slhdsa/slhdsa_keygen.txt \
crypto/slhdsa/slhdsa_prehash.txt \
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index b9287b7..4397d0e 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -54,7 +54,7 @@
// OPENSSL_DH_MAX_MODULUS_BITS is the maximum supported Diffie-Hellman group
// modulus, in bits.
-#define OPENSSL_DH_MAX_MODULUS_BITS 10000
+#define OPENSSL_DH_MAX_MODULUS_BITS 8192
// DH_bits returns the size of |dh|'s group modulus, in bits.
OPENSSL_EXPORT unsigned DH_bits(const DH *dh);
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 9b3d20c..9b50286 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -56,7 +56,7 @@
// OPENSSL_DSA_MAX_MODULUS_BITS is the maximum supported DSA group modulus, in
// bits.
-#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+#define OPENSSL_DSA_MAX_MODULUS_BITS 8192
// DSA_bits returns the size of |dsa|'s group modulus, in bits.
OPENSSL_EXPORT unsigned DSA_bits(const DSA *dsa);
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 833d860..d948b19 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -69,9 +69,7 @@
// Properties.
// OPENSSL_RSA_MAX_MODULUS_BITS is the maximum supported RSA modulus, in bits.
-//
-// TODO(crbug.com/402677800): Reduce this to 8192.
-#define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+#define OPENSSL_RSA_MAX_MODULUS_BITS 8192
// RSA_bits returns the size of |rsa|, in bits.
OPENSSL_EXPORT unsigned RSA_bits(const RSA *rsa);
