@@ -109,30 +109,47 @@ public void testGetMinRsaSize() {
109109 assertTrue (minRsaSize > 0 );
110110 }
111111
112+ /**
113+ * Helper to make RSA key with retry. In FIPS mode the prime generation
114+ * loop has a finite retry count (NIST FIPS 186-4 B.3.3). On rare occasions
115+ * this can fail with PRIME_GEN_E even with a healthy RNG, so retry once
116+ * on that error.
117+ *
118+ * JCE level classes have retry built in, but not at the JNI class
119+ * level.
120+ */
121+ private void makeKeyWithRetry (int size , long e , Rng rng ) {
122+
123+ Rsa key = new Rsa ();
124+ try {
125+ key .makeKey (size , e , rng );
126+ } catch (WolfCryptException ex ) {
127+ if (Fips .enabled &&
128+ ex .getError () == WolfCryptError .PRIME_GEN_E ) {
129+ /* Retry once on transient PRIME_GEN_E */
130+ key .releaseNativeStruct ();
131+ key = new Rsa ();
132+ key .makeKey (size , e , rng );
133+ } else {
134+ key .releaseNativeStruct ();
135+ throw ex ;
136+ }
137+ }
138+ key .releaseNativeStruct ();
139+ }
140+
112141 @ Test
113142 public void testMakeKey () {
114143
115- Rsa key = null ;
116-
117144 /* FIPS after 2425 doesn't allow 1024-bit RSA key gen */
118145 if ((Fips .enabled && Fips .fipsVersion < 5 ) ||
119146 (!Fips .enabled && Rsa .RSA_MIN_SIZE <= 1024 )) {
120- key = new Rsa ();
121- key .makeKey (1024 , 65537 , rng );
122- key .releaseNativeStruct ();
147+ makeKeyWithRetry (1024 , 65537 , rng );
123148 }
124149
125- key = new Rsa ();
126- key .makeKey (2048 , 65537 , rng );
127- key .releaseNativeStruct ();
128-
129- key = new Rsa ();
130- key .makeKey (3072 , 65537 , rng );
131- key .releaseNativeStruct ();
132-
133- key = new Rsa ();
134- key .makeKey (4096 , 65537 , rng );
135- key .releaseNativeStruct ();
150+ makeKeyWithRetry (2048 , 65537 , rng );
151+ makeKeyWithRetry (3072 , 65537 , rng );
152+ makeKeyWithRetry (4096 , 65537 , rng );
136153 }
137154
138155 @ Test
0 commit comments