From: Matt Caswell <matt@openssl.org>
Date: Wed, 18 Oct 2017 09:23:33 +0000 (+0100)
Subject: Correct value for BN_security_bits()
X-Git-Tag: OpenSSL_1_1_0g~28
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=84a85b5755befabd450fbb7cc63d5e23a268ddb0;p=oweals%2Fopenssl.git

Correct value for BN_security_bits()

The function BN_security_bits() uses the values from SP800-57 to assign
security bit values for different FF key sizes. However the value for 192
security bits is wrong. SP800-57 has it as 7680 but the code had it as
7690.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4546)

(cherry picked from commit c9fe362303fc54ff19bde7511475f28663f7d554)
---

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index c2dff7da9b..d7c5fc3c97 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -897,7 +897,7 @@ int BN_security_bits(int L, int N)
     int secbits, bits;
     if (L >= 15360)
         secbits = 256;
-    else if (L >= 7690)
+    else if (L >= 7680)
         secbits = 192;
     else if (L >= 3072)
         secbits = 128;