From 68e64cfceb57e3460637a1b1633ebe7a7b9d2c3f Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 20 Nov 2024 13:59:09 +0100
Subject: [PATCH] crypto/rsa: refuse to generate and/or use keys smaller than
 1024 bits

Fixes #68762

Change-Id: Id89c770571d7cc27c6cf7932139ec3424383a7ef
Reviewed-on: https://go-review.googlesource.com/c/go/+/629938
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 fips_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fips_test.go b/fips_test.go
index 5447aa1..52266de 100644
--- a/fips_test.go
+++ b/fips_test.go
@@ -350,7 +350,7 @@ func TestFIPSCertAlgs(t *testing.T) {
 	// Set up some roots, intermediate CAs, and leaf certs with various algorithms.
 	// X_Y is X signed by Y.
 	R1 := fipsCert(t, "R1", fipsRSAKey(t, 2048), nil, fipsCertCA|fipsCertFIPSOK)
-	R2 := fipsCert(t, "R2", fipsRSAKey(t, 512), nil, fipsCertCA)
+	R2 := fipsCert(t, "R2", fipsRSAKey(t, 1024), nil, fipsCertCA)
 	R3 := fipsCert(t, "R3", fipsRSAKey(t, 4096), nil, fipsCertCA|fipsCertFIPSOK)
 
 	M1_R1 := fipsCert(t, "M1_R1", fipsECDSAKey(t, elliptic.P256()), R1, fipsCertCA|fipsCertFIPSOK)