From f098d438361a13d0852404f0d8bb32359469e033 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 31 Oct 2019 13:10:40 +0000
Subject: Move RSA min modulus to a define and increase from 256 to 512 bits.

From OpenSSL 1.1.1d.

ok inoguchi@
---
 src/lib/libcrypto/rsa/rsa_locl.h | 4 +++-
 src/lib/libcrypto/rsa/rsa_pmeth.c | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/lib/libcrypto/rsa')

diff --git a/src/lib/libcrypto/rsa/rsa_locl.h b/src/lib/libcrypto/rsa/rsa_locl.h
index 0d86799777..a10ea958b5 100644
--- a/src/lib/libcrypto/rsa/rsa_locl.h
+++ b/src/lib/libcrypto/rsa/rsa_locl.h
@@ -1,7 +1,9 @@
-/* $OpenBSD: rsa_locl.h,v 1.6 2019/10/24 16:26:13 jsing Exp $ */
+/* $OpenBSD: rsa_locl.h,v 1.7 2019/10/31 13:10:40 jsing Exp $ */
 
 __BEGIN_HIDDEN_DECLS
 
+#define RSA_MIN_MODULUS_BITS 512
+
 typedef struct rsa_oaep_params_st {
 X509_ALGOR *hashFunc;
 X509_ALGOR *maskGenFunc;
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 1d51e52fe2..1b6d1de35d 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.29 2019/10/31 13:06:30 jsing Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.30 2019/10/31 13:10:40 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -454,8 +454,8 @@ pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 return 1;
 
 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
- if (p1 < 256) {
- RSAerror(RSA_R_INVALID_KEYBITS);
+ if (p1 < RSA_MIN_MODULUS_BITS) {
+ RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
 return -2;
 }
 rctx->nbits = p1;
--
cgit v1.2.3-55-g6feb
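Review bot: `RSA_MIN_MODULUS_BITS` is added to rsa_locl.h without a comment, and a reader could take 512 for a recommended minimum rather than a sanity floor. As used in rsa_pmeth.c in this commit it only rejects key generation requests below that size; 512-bit RSA moduli have been publicly factored, and current guidance expects 2048 bits or more. I would put a comment above the define, e.g. `/* Lowest modulus size keygen will accept; a compatibility floor, not a security recommendation. */`. The commit message says the value follows OpenSSL 1.1.1d, which is worth recording in the same comment.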
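Review bot: The `EVP_PKEY_CTRL_RSA_KEYGEN_BITS` case in pkey_rsa_ctrl now has a named lower bound, but nothing visible in the hunk bounds `p1` from above before it is stored in `rctx->nbits`. If the bit count can reach this ctrl from configuration or another party's input, an oversized value turns key generation into a CPU and memory exhaustion problem. Unless a later stage already rejects it, a second guard such as `if (p1 > OPENSSL_RSA_MAX_MODULUS_BITS)` with `RSAerror(RSA_R_MODULUS_TOO_LARGE)` and the same `return -2` would close that; confirm the constant is visible in this file. The case body continues past the end of the hunk.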