)]}'
{
  "commit": "dd9ee6068667ca58c8d6f1c1cea617fd69452ecf",
  "tree": "91e028c1f8c56bf20114e658f29e4ac5254f6cc2",
  "parents": [
    "786554f8f4e8c75bb18c5f91f69b7a328c177618"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Thu May 11 10:12:03 2023 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Mon May 15 21:51:01 2023 +0000"
  },
  "message": "Reject RSA keys under 512 bits\n\n512-bit RSA was factored in 1999, so this limit barely means anything.\nBut establish some limit now to ratchet in what we can. We\u0027ll raise this\nlimit as we clear through further rounds of bad keys in tests.\n\nAs part of this, I\u0027ve touched up rsa_test.cc a bit. All the functions\nthat made assumptions on key size now use std::vector with RSA_size.\nkKey1 and kKey2 were also 512- and 400-bit RSA, respectively. In\nprinciple, we could keep kKey1 for now, but the next stage will break it\nanyway. I\u0027ve replaced them with kFIPSKey (which was \"FIPS-compliant\" but\nactually 1024-bit) and kTwoPrime (remnant of multi-prime RSA, 2048-bit).\nAs neither name makes sense, they\u0027re just the new kKey1 and kKey2.\n\nI\u0027ve also switched from string literals to arrays, which avoids the\npesky trailing NUL. Sadly, it is a bit more verbose. Maybe we should\nswitch to writing something like:\n\n  const std::vector\u003cuint8_t\u003e kKey1 \u003d MustDecodeHex(\"abcdef1234...\");\n\nStatic initializers don\u0027t matter in tests, after all.\n\nUpdate-Note: We no longer accept 511-bit RSA and below. If you run into\nthis, update test keys to more modern sizes as we plan to raise the\nlimit beyond 512-bit RSA in the future. 512-bit RSA was factored in\n1999, so keys at or near this limit have been obsolete for a very, very\nlong time.\n\nBug: 607\nChange-Id: I13c3366d7e5f326710f1d1b298f4150a4e8e4d78\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59827\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "9283466579a825fc53815d11cd03112546ddeda6",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/rsa/rsa_impl.c",
      "new_id": "120639703c9652dff7f3ee564892f3f359f7e00f",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/rsa/rsa_impl.c"
    },
    {
      "type": "modify",
      "old_id": "fc5d5f86e5c30d9c2c67c0c4ca83bfe26c6fb6fe",
      "old_mode": 33188,
      "old_path": "crypto/rsa_extra/rsa_test.cc",
      "new_id": "87e0396d1fac2c6ef6c5c4d30e4c5ea30e6ff9b5",
      "new_mode": 33188,
      "new_path": "crypto/rsa_extra/rsa_test.cc"
    }
  ]
}