Fix dsa securitycheck for fips.

Fixes #12627

Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error when using config opt 'no-fips-securitychecks'
Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13387)

1 files changed, 6 insertions, 5 deletions

diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index a95fa9dda9..9d02536c38 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -129,12 +129,13 @@ int dsa_check_key(const DSA *dsa, int sign)
         N = BN_num_bits(q);
 
         /*
-         * Valid sizes or verification - Note this could be a fips186-2 type
-         * key - so we allow 512 also. When this is no longer suppported the
-         * lower bound should be increased to 1024.
+         * For Digital signature verification DSA keys with < 112 bits of
+         * security strength (i.e L < 2048 bits), are still allowed for legacy
+         * use. The bounds given in SP800 131Ar2 - Table 2 are
+         * (512 <= L < 2048 and 160 <= N < 224)
          */
-        if (!sign)
-            return (L >= 512 && N >= 160);
+        if (!sign && L < 2048)
+            return (L >= 512 && N >= 160 && N < 224);
 
          /* Valid sizes for both sign and verify */
         if (L == 2048 && (N == 224 || N == 256))