Update RSA keygen to use sp800-56b by default

Fixes #11742 Fixes #11764 The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048. Insecure key lengths and mutltiprime RSA will use the old method. Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11765)
author: Shane Lontis <shane.lontis@oracle.com> 2020-06-10 08:59:56 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2020-06-10 08:59:56 +1000
commit: 8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df (patch)
tree: e98500058e4d1c66bec1b7badd759b6c61bab683 /include
parent: cd4afec69f13e283f74d59f1c97e15db6803bdcb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index bf12b90088..140c0d4412 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -40,7 +40,7 @@ extern "C" {
 #  ifndef OPENSSL_NO_DEPRECATED_3_0
 /* The types RSA and RSA_METHOD are defined in ossl_typ.h */
 
-#   define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+#   define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048
 
 #   ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
 #    define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
author	Shane Lontis <shane.lontis@oracle.com>	2020-06-10 08:59:56 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2020-06-10 08:59:56 +1000
commit	8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df (patch)
tree	e98500058e4d1c66bec1b7badd759b6c61bab683 /include
parent	cd4afec69f13e283f74d59f1c97e15db6803bdcb (diff)