Add DSA keygen to provider

[openssl.git] / crypto / dh / dh_key.c

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index ab2e25ea87252636e9866300d5588149a11ca66a..e46946153be195eb6fca577cd805db013e413242 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -19,6 +19,12 @@
 #include "crypto/bn.h"
 #include "crypto/dh.h"
 
+#ifdef FIPS_MODE
+# define MIN_STRENGTH 112
+#else
+# define MIN_STRENGTH 80
+#endif
+
 static int generate_key(DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
                          const BIGNUM *a, const BIGNUM *p,
@@ -287,7 +293,8 @@ static int generate_key(DH *dh)
                  * Max Private key size N = len(q)
                  */
                 if (!ffc_generate_private_key(ctx, &dh->params,
-                                              BN_num_bits(dh->params.q), 112,
+                                              BN_num_bits(dh->params.q),
+                                              MIN_STRENGTH,
                                               priv_key))
                     goto err;
             }