rsa/rsa_lib.c: make RSA_security_bits multi-prime aware.

Multi-prime RSA security is not determined by modulus length alone, but depends even on number of primes. Too many primes render security inadequate, but there is no common amount of primes or common factors' length that provide equivalent secuity promise as two-prime for given modulus length. Maximum amount of permitted primes is determined according to following table. <1024 | >=1024 | >=4096 | >=8192 ------+--------+--------+------- 2 | 3 | 4 | 5 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4791)
author: Andy Polyakov <appro@openssl.org> 2017-11-24 21:31:11 +0100
committer: Andy Polyakov <appro@openssl.org> 2017-11-28 20:04:57 +0100
commit: 0122add6549c7d5671f77a81c5a32571a5d46f3f (patch)
tree: de731841d36e5abc6e2c73e52e88cf75fd7c1367 /crypto/rsa/rsa_mp.c
parent: Fix lshift tests (diff)
download: openssl-0122add6549c7d5671f77a81c5a32571a5d46f3f.tar.xz
openssl-0122add6549c7d5671f77a81c5a32571a5d46f3f.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_mp.c b/crypto/rsa/rsa_mp.c
index d970564840..8ff4b63625 100644
--- a/crypto/rsa/rsa_mp.c
+++ b/crypto/rsa/rsa_mp.c
@@ -93,3 +93,17 @@ int rsa_multip_calc_product(RSA *rsa)
     BN_CTX_free(ctx);
     return rv;
 }
+
+int rsa_multip_cap(int bits)
+{
+    int cap = 5;
+
+    if (bits < 1024)
+        cap = 2;
+    else if (bits < 4096)
+        cap = 3;
+    else if (bits < 8192)
+        cap = 4;
+
+    return cap;
+}
author	Andy Polyakov <appro@openssl.org>	2017-11-24 21:31:11 +0100
committer	Andy Polyakov <appro@openssl.org>	2017-11-28 20:04:57 +0100
commit	0122add6549c7d5671f77a81c5a32571a5d46f3f (patch)
tree	de731841d36e5abc6e2c73e52e88cf75fd7c1367 /crypto/rsa/rsa_mp.c
parent	Fix lshift tests (diff)
download	openssl-0122add6549c7d5671f77a81c5a32571a5d46f3f.tar.xz openssl-0122add6549c7d5671f77a81c5a32571a5d46f3f.zip