From 323eda7f0675a46f26a3aa605851bff2d50d8c5a Mon Sep 17 00:00:00 2001
From: Dariusz Michaluk
Date: Wed, 21 Sep 2016 11:40:19 +0200
Subject: [PATCH] Increase minimal RSA keysize from 256 to 512 bits

Change-Id: I87fd19881867c560ae8684341e182fe85f14304f
---
 api/yaca/yaca_key.h | 2 +-
 src/key.c | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h
index 82ef7b9..e4783e3 100755
--- a/api/yaca/yaca_key.h
+++ b/api/yaca/yaca_key.h
@@ -216,7 +216,7 @@ int yaca_key_export(const yaca_key_h key,
 * or key generation parameters for key types that support them (DSA, DH and EC).
 *
 * @remarks Supported key lengths:
- * - RSA: length >= 256bits
+ * - RSA: length >= 512bits
 * - DSA: length >= 512bits, multiple of 64
 * - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or
 * (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits),
diff --git a/src/key.c b/src/key.c
index 264d5ae..0c04179 100644
--- a/src/key.c
+++ b/src/key.c
@@ -593,6 +593,12 @@ static int import_evp(yaca_key_h *key,
 goto exit;
 }

+ if ((key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_RSA_PUB) &&
+ (EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) {
+ ret = YACA_ERROR_INVALID_PARAMETER;
+ goto exit;
+ }
+
 ret = yaca_zalloc(sizeof(struct yaca_key_evp_s), (void**)&nk);
 if (ret != YACA_ERROR_NONE)
 goto exit;
@@ -1185,7 +1191,7 @@ static int generate_evp_pkey_key(int evp_id, size_t key_bit_len, EVP_PKEY *param

 if (evp_id == EVP_PKEY_RSA) {
 if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS ||
- key_bit_len > INT_MAX || key_bit_len % 8 != 0) {
+ key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 8 != 0) {
 ret = YACA_ERROR_INVALID_PARAMETER;
 goto exit;
 }
--
2.7.4
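Review bot: The new import check in `import_evp` (src/key.c) compares `EVP_PKEY_size(pkey)`, which for RSA is the modulus length rounded up to whole bytes, so an imported key of 505 to 511 bits still reports 64 and is accepted. Comparing the bit length directly would enforce the documented bound exactly: `(EVP_PKEY_bits(pkey) < YACA_KEY_LENGTH_512BIT)) {`. The generation path also rejects lengths that are not a multiple of 8, so import and generation currently accept different sets of keys. The `exit` label and its cleanup are outside the hunk, so whether `pkey` is released on this new error path should be confirmed against the rest of the function.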
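Review bot: The generation check in `generate_evp_pkey_key` hard-codes `512`, while the import check added by this same commit uses `YACA_KEY_LENGTH_512BIT`. Using the constant in both places keeps the two bounds from drifting: `key_bit_len > INT_MAX || key_bit_len < YACA_KEY_LENGTH_512BIT || key_bit_len % 8 != 0) {`. Separately, 512-bit RSA moduli have long been practical to factor, and current guidance puts the minimum at 2048 bits, so this floor only rejects the most trivially weak keys. If sizes below that must remain for compatibility, a comment next to the bound should say so, for example `/* 512 is a sanity floor only, not a security recommendation */`. The function body continues outside the hunk.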