Add DSA keygen to provider

[thirdparty/openssl.git] / crypto / dsa / dsa_key.c

diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 2dec35f28f9c0a6bbe7cf9d92eaa5df479513ff8..1d625272e506681fee26b6ef70ebeba17a2a9979 100644 (file)
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -21,6 +21,12 @@
 #include "crypto/dsa.h"
 #include "dsa_local.h"
 
+#ifdef FIPS_MODE
+# define MIN_STRENGTH 112
+#else
+# define MIN_STRENGTH 80
+#endif
+
 static int dsa_keygen(DSA *dsa, int pairwise_test);
 static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg);
 
@@ -69,7 +75,7 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
     }
 
     if (!ffc_generate_private_key(ctx, &dsa->params, BN_num_bits(dsa->params.q),
-                                  112, priv_key))
+                                  MIN_STRENGTH, priv_key))
         goto err;
 
     if (dsa->pub_key == NULL) {