rsa: remove the limit on the maximum key strength

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15472)
author: Pauli <pauli@openssl.org> 2021-05-26 09:27:32 +1000
committer: Pauli <pauli@openssl.org> 2021-05-27 13:01:28 +1000
commit: 0c05fda40e3d55a322970f2bbbfea89e645e6902 (patch)
tree: f91761c53622fcba0a8d0d8cb4e8fc5469ed33c0 /crypto
parent: 9d0dd1d51335cd17d2594adfe4d30142f2ab8b19 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c
index 077c32f1e9..2cd0dba764 100644
--- a/crypto/rsa/rsa_sp800_56b_gen.c
+++ b/crypto/rsa/rsa_sp800_56b_gen.c
@@ -17,7 +17,6 @@
 
 #define RSA_FIPS1864_MIN_KEYGEN_KEYSIZE 2048
 #define RSA_FIPS1864_MIN_KEYGEN_STRENGTH 112
-#define RSA_FIPS1864_MAX_KEYGEN_STRENGTH 256
 
 /*
  * Generate probable primes 'p' & 'q'. See FIPS 186-4 Section B.3.6
@@ -174,8 +173,7 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
     int s = (int)ossl_ifc_ffc_compute_security_bits(nbits);
 
 #ifdef FIPS_MODULE
-    if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH
-            || s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH) {
+    if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH) {
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS);
         return 0;
     }
author	Pauli <pauli@openssl.org>	2021-05-26 09:27:32 +1000
committer	Pauli <pauli@openssl.org>	2021-05-27 13:01:28 +1000
commit	0c05fda40e3d55a322970f2bbbfea89e645e6902 (patch)
tree	f91761c53622fcba0a8d0d8cb4e8fc5469ed33c0 /crypto
parent	9d0dd1d51335cd17d2594adfe4d30142f2ab8b19 (diff)