rsa/rsa_lib.c: make RSA_security_bits multi-prime aware.
authorAndy Polyakov <appro@openssl.org>
Fri, 24 Nov 2017 20:31:11 +0000 (21:31 +0100)
committerAndy Polyakov <appro@openssl.org>
Tue, 28 Nov 2017 19:04:57 +0000 (20:04 +0100)
Multi-prime RSA security is not determined by modulus length alone, but
depends even on number of primes. Too many primes render security
inadequate, but there is no common amount of primes or common factors'
length that provide equivalent secuity promise as two-prime for given
modulus length. Maximum amount of permitted primes is determined
according to following table.

   <1024 | >=1024 | >=4096 | >=8192
   ------+--------+--------+-------
     2   |   3    |   4    |   5

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4791)


No differences found