rsa: remove the limit on the maximum key strength
authorPauli <pauli@openssl.org>
Tue, 25 May 2021 23:27:32 +0000 (09:27 +1000)
committerPauli <pauli@openssl.org>
Thu, 27 May 2021 03:01:28 +0000 (13:01 +1000)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)

crypto/rsa/rsa_sp800_56b_gen.c

index 077c32f1e9de8afd8b46a6bfe7d7a0033e00fafe..2cd0dba7640bc38ee3c1d68e05d28793576feaae 100644 (file)
@@ -17,7 +17,6 @@
 
 #define RSA_FIPS1864_MIN_KEYGEN_KEYSIZE 2048
 #define RSA_FIPS1864_MIN_KEYGEN_STRENGTH 112
-#define RSA_FIPS1864_MAX_KEYGEN_STRENGTH 256
 
 /*
  * Generate probable primes 'p' & 'q'. See FIPS 186-4 Section B.3.6
@@ -174,8 +173,7 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
     int s = (int)ossl_ifc_ffc_compute_security_bits(nbits);
 
 #ifdef FIPS_MODULE
-    if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH
-            || s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH) {
+    if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH) {
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS);
         return 0;
     }
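Review bot: With the upper bound removed, the FIPS_MODULE check in ossl_rsa_sp800_56b_validate_strength no longer rejects any `nbits` on the high side, so an oversized modulus request is stopped only if something outside this hunk caps it. Key generation cost grows steeply with modulus size, so it is worth confirming that a size limit is applied before this function is reached. The intent should also be recorded above the check, for example `/* Only the minimum strength is checked here; no upper limit on nbits is applied in this function. */`. The result `s` comes from an `(int)` cast of ossl_ifc_ffc_compute_security_bits(nbits), whose behaviour for very large `nbits` is not visible here and should be checked now that such values can pass. The function body starts and ends outside the hunk.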