Return security strength for supported DSA parameters: will be used

later.
author: Dr. Stephen Henson <steve@openssl.org> 2011-02-11 14:38:39 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-02-11 14:38:39 +0000
commit: 16a7fcc44715101656e5e0292b3c68b7dd22911d (patch)
tree: 95ad2f438826e80f2ea508d3e6dfc27dd53d597d /crypto/dsa
parent: a1a5885b6400cbc7475934771e2626caa161c24e (diff)
1 files changed, 10 insertions, 7 deletions
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 593ae55848..31ce1d49a6 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -369,18 +369,21 @@ err:
 	return ok;
 	}
 
-/* Permissible parameter values for (L,N): see FIPS186-3 4.2 */
+/* Security strength of parameter values for (L,N): see FIPS186-3 4.2
+ * and SP800-131A
+ */
+
 
-static int dsa2_check_params(size_t L, size_t N)
+static int dsa2_security_strength(size_t L, size_t N)
 	{
 	if (L == 1024 && N == 160)
-		return 1;
+		return 80;
 	if (L == 2048 && N == 224)
-		return 1;
+		return 112;
 	if (L == 2048 && N == 256)
-		return 1;
+		return 112;
 	if (L == 3072 && N == 256)
-		return 1;
+		return 112;
 	return 0;
 	}
 
@@ -414,7 +417,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 	    goto err;
 	    }
 #endif
-	if (!dsa2_check_params(L, N))
+	if (!dsa2_security_strength(L, N))
 		{
 		DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
 		ok = 0;
author	Dr. Stephen Henson <steve@openssl.org>	2011-02-11 14:38:39 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-02-11 14:38:39 +0000
commit	16a7fcc44715101656e5e0292b3c68b7dd22911d (patch)
tree	95ad2f438826e80f2ea508d3e6dfc27dd53d597d /crypto/dsa
parent	a1a5885b6400cbc7475934771e2626caa161c24e (diff)