* or key generation parameters for key types that support them (DSA, DH and EC).
*
* @remarks Supported key lengths:
- * - RSA: length >= 256bits
+ * - RSA: length >= 512bits
* - DSA: length >= 512bits, multiple of 64
* - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or
* (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits),
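Review bot: The updated RSA line documents only the lower bound, while the generation check changed elsewhere in this commit also rejects lengths that are not a multiple of 8 (`key_bit_len % 8 != 0`). The DSA line already spells out its multiple-of-64 rule, so the RSA line should match, e.g. `* - RSA: length >= 512bits, multiple of 8`. The comment block starts and ends outside the hunk, so I am assuming this remark documents the generation function that carries that check.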
goto exit;
}
+ if ((key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_RSA_PUB) &&
+ (EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) {
+ ret = YACA_ERROR_INVALID_PARAMETER;
+ goto exit;
+ }
+
ret = yaca_zalloc(sizeof(struct yaca_key_evp_s), (void**)&nk);
if (ret != YACA_ERROR_NONE)
goto exit;
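Review bot: The added check compares `EVP_PKEY_size(pkey)` against a byte count, and that value rounds the modulus up to whole bytes, so an imported RSA key with a 505 to 511 bit modulus still passes the 512-bit minimum. Comparing the bit length directly closes the gap and drops the division: `(EVP_PKEY_bits(pkey) < YACA_KEY_LENGTH_512BIT)) {`. Generation additionally requires a multiple of 8, so if import is meant to accept exactly the same set of keys, that condition would need to be checked here too. The function starts and ends outside the hunk, so I am assuming the `exit` label releases `pkey` on this new error path.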
if (evp_id == EVP_PKEY_RSA) {
if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS ||
- key_bit_len > INT_MAX || key_bit_len % 8 != 0) {
+ key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 8 != 0) {
ret = YACA_ERROR_INVALID_PARAMETER;
goto exit;
}
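Review bot: The new lower bound is written as the literal `512`, while the import-side check in this same commit uses `YACA_KEY_LENGTH_512BIT`. Using the named constant in both places, `key_bit_len > INT_MAX || key_bit_len < YACA_KEY_LENGTH_512BIT || key_bit_len % 8 != 0) {`, keeps the two limits from drifting apart. Since 512-bit RSA moduli have been factored in practice, a one-line comment such as `/* sanity floor only; not a recommended RSA strength */` would keep the limit from being read as guidance. The enclosing function starts and ends outside the hunk.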