Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072

Fixes #11863 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12162)
author: Shane Lontis <shane.lontis@oracle.com> 2020-06-16 13:04:57 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2020-08-12 09:25:49 +1000
commit: 7c9a7cf12715ac3e906b8d55466f19285fc59e78 (patch)
tree: 908ad763b756ba550f6a3a465017306933f4f589 /crypto/bn
parent: 1017ab21e478b18dd2d9266955dee7e418932a3c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index a8b0a69aee..ab1e1f14ae 100644
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -65,7 +65,7 @@ static int bn_rsa_fips186_4_aux_prime_min_size(int nbits)
 {
     if (nbits >= 3072)
         return 171;
-    if (nbits == 2048)
+    if (nbits >= 2048)
         return 141;
     return 0;
 }
@@ -83,7 +83,7 @@ static int bn_rsa_fips186_4_aux_prime_max_sum_size_for_prob_primes(int nbits)
 {
     if (nbits >= 3072)
         return 1518;
-    if (nbits == 2048)
+    if (nbits >= 2048)
         return 1007;
     return 0;
 }
author	Shane Lontis <shane.lontis@oracle.com>	2020-06-16 13:04:57 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2020-08-12 09:25:49 +1000
commit	7c9a7cf12715ac3e906b8d55466f19285fc59e78 (patch)
tree	908ad763b756ba550f6a3a465017306933f4f589 /crypto/bn
parent	1017ab21e478b18dd2d9266955dee7e418932a3c (diff)