2 files changed, 6 insertions, 4 deletions

diff --git a/lib/libcrypto/rsa/rsa_locl.h b/lib/libcrypto/rsa/rsa_locl.h
index 0d867997773..a10ea958b58 100644
--- a/lib/libcrypto/rsa/rsa_locl.h
+++ b/lib/libcrypto/rsa/rsa_locl.h
@@ -1,7 +1,9 @@
-/* $OpenBSD: rsa_locl.h,v 1.6 2019/10/24 16:26:13 jsing Exp $ */
+/* $OpenBSD: rsa_locl.h,v 1.7 2019/10/31 13:10:40 jsing Exp $ */
 
 __BEGIN_HIDDEN_DECLS
 
+#define RSA_MIN_MODULUS_BITS	512
+
 typedef struct rsa_oaep_params_st {
 	X509_ALGOR *hashFunc;
 	X509_ALGOR *maskGenFunc;
diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c
index 1d51e52fe26..1b6d1de35de 100644
--- a/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.29 2019/10/31 13:06:30 jsing Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.30 2019/10/31 13:10:40 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -454,8 +454,8 @@ pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		return 1;
 
 	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
-		if (p1 < 256) {
-			RSAerror(RSA_R_INVALID_KEYBITS);
+		if (p1 < RSA_MIN_MODULUS_BITS) {
+			RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
 			return -2;
 		}
 		rctx->nbits = p1;