From 16a7fcc44715101656e5e0292b3c68b7dd22911d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 11 Feb 2011 14:38:39 +0000
Subject: [PATCH] Return security strength for supported DSA parameters: will
 be used later.

---
 crypto/dsa/dsa_gen.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 593ae5584..31ce1d49a 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -369,18 +369,21 @@ err:
 	return ok;
 	}
 
-/* Permissible parameter values for (L,N): see FIPS186-3 4.2 */
+/* Security strength of parameter values for (L,N): see FIPS186-3 4.2
+ * and SP800-131A
+ */
 
-static int dsa2_check_params(size_t L, size_t N)
+
+static int dsa2_security_strength(size_t L, size_t N)
 	{
 	if (L == 1024 && N == 160)
-		return 1;
+		return 80;
 	if (L == 2048 && N == 224)
-		return 1;
+		return 112;
 	if (L == 2048 && N == 256)
-		return 1;
+		return 112;
 	if (L == 3072 && N == 256)
-		return 1;
+		return 112;
 	return 0;
 	}
 
@@ -414,7 +417,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 	    goto err;
 	    }
 #endif
-	if (!dsa2_check_params(L, N))
+	if (!dsa2_security_strength(L, N))
 		{
 		DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
 		ok = 0;