rsa/rsa_lib.c: make RSA_security_bits multi-prime aware.
authorAndy Polyakov <appro@openssl.org>
Fri, 24 Nov 2017 20:31:11 +0000 (21:31 +0100)
committerAndy Polyakov <appro@openssl.org>
Tue, 28 Nov 2017 19:04:57 +0000 (20:04 +0100)
commit0122add6549c7d5671f77a81c5a32571a5d46f3f
treede731841d36e5abc6e2c73e52e88cf75fd7c1367
parent83ccead4d0fb496c8f00ee53c28e957b8cab4181
rsa/rsa_lib.c: make RSA_security_bits multi-prime aware.

Multi-prime RSA security is not determined by modulus length alone, but
depends even on number of primes. Too many primes render security
inadequate, but there is no common amount of primes or common factors'
length that provide equivalent secuity promise as two-prime for given
modulus length. Maximum amount of permitted primes is determined
according to following table.

   <1024 | >=1024 | >=4096 | >=8192
   ------+--------+--------+-------
     2   |   3    |   4    |   5

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4791)
crypto/rsa/rsa_lib.c
crypto/rsa/rsa_locl.h
crypto/rsa/rsa_mp.c