#include "crypto/bn.h"
#include "crypto/dh.h"
+#ifdef FIPS_MODE
+# define MIN_STRENGTH 112
+#else
+# define MIN_STRENGTH 80
+#endif
+
static int generate_key(DH *dh);
static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
* Max Private key size N = len(q)
*/
if (!ffc_generate_private_key(ctx, &dh->params,
- BN_num_bits(dh->params.q), 112,
+ BN_num_bits(dh->params.q),
+ MIN_STRENGTH,
priv_key))
goto err;
}