diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2018-04-25 21:47:20 +0200 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2018-07-26 06:40:50 +0200 |
commit | 7a23bff90ef4466d741e46c5cf9e467b25c6ad4f (patch) | |
tree | 4676830e1a4e9936fce92980e2dd5c0681117b3a | |
parent | 9df990cdef581f7330205aef975055e23d8e8d43 (diff) |
Change the number of Miller-Rabin test for DSA generation to 64
This changes the security level from 100 to 128 bit.
We only have 1 define, this sets it to the highest level supported for
DSA, and needed for keys larger than 3072 bit.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #6075
(cherry picked from commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8)
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | crypto/dsa/dsa.h | 8 |
2 files changed, 8 insertions, 3 deletions
@@ -9,6 +9,9 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] + *) Increase the number of Miller-Rabin rounds for DSA key generating to 64. + [Kurt Roeckx] + *) Add blinding to ECDSA and DSA signatures to protect against side channel attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell] diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 7f8346d72d..3e6984eabd 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -249,10 +249,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif -# define DSS_prime_checks 50 +# define DSS_prime_checks 64 /* - * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of - * Rabin-Miller + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. */ # define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) |