From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 11 Feb 2011 14:38:39 +0000 (+0000)
Subject: Return security strength for supported DSA parameters: will be used
X-Git-Tag: OpenSSL-fips-2_0-rc1~765
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=16a7fcc44715101656e5e0292b3c68b7dd22911d;p=oweals%2Fopenssl.git

Return security strength for supported DSA parameters: will be used
later.
---

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 593ae55848..31ce1d49a6 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -369,18 +369,21 @@ err:
 	return ok;
 	}
 
-/* Permissible parameter values for (L,N): see FIPS186-3 4.2 */
+/* Security strength of parameter values for (L,N): see FIPS186-3 4.2
+ * and SP800-131A
+ */
+
 
-static int dsa2_check_params(size_t L, size_t N)
+static int dsa2_security_strength(size_t L, size_t N)
 	{
 	if (L == 1024 && N == 160)
-		return 1;
+		return 80;
 	if (L == 2048 && N == 224)
-		return 1;
+		return 112;
 	if (L == 2048 && N == 256)
-		return 1;
+		return 112;
 	if (L == 3072 && N == 256)
-		return 1;
+		return 112;
 	return 0;
 	}
 
@@ -414,7 +417,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 	    goto err;
 	    }
 #endif
-	if (!dsa2_check_params(L, N))
+	if (!dsa2_security_strength(L, N))
 		{
 		DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
 		ok = 0;