diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-02-11 14:38:39 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-02-11 14:38:39 +0000 |
commit | 16a7fcc44715101656e5e0292b3c68b7dd22911d (patch) | |
tree | 95ad2f438826e80f2ea508d3e6dfc27dd53d597d /crypto/dsa/dsa_gen.c | |
parent | a1a5885b6400cbc7475934771e2626caa161c24e (diff) | |
download | openssl-16a7fcc44715101656e5e0292b3c68b7dd22911d.zip openssl-16a7fcc44715101656e5e0292b3c68b7dd22911d.tar.gz openssl-16a7fcc44715101656e5e0292b3c68b7dd22911d.tar.bz2 |
Return security strength for supported DSA parameters: will be used
later.
Diffstat (limited to 'crypto/dsa/dsa_gen.c')
-rw-r--r-- | crypto/dsa/dsa_gen.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 593ae55..31ce1d4 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -369,18 +369,21 @@ err: return ok; } -/* Permissible parameter values for (L,N): see FIPS186-3 4.2 */ +/* Security strength of parameter values for (L,N): see FIPS186-3 4.2 + * and SP800-131A + */ + -static int dsa2_check_params(size_t L, size_t N) +static int dsa2_security_strength(size_t L, size_t N) { if (L == 1024 && N == 160) - return 1; + return 80; if (L == 2048 && N == 224) - return 1; + return 112; if (L == 2048 && N == 256) - return 1; + return 112; if (L == 3072 && N == 256) - return 1; + return 112; return 0; } @@ -414,7 +417,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, goto err; } #endif - if (!dsa2_check_params(L, N)) + if (!dsa2_security_strength(L, N)) { DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); ok = 0; |