Change the number of Miller-Rabin test for DSA generation to 64

This changes the security level from 100 to 128 bit. We only have 1 define, this sets it to the highest level supported for DSA, and needed for keys larger than 3072 bit. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Matthias St. Pierre <[email protected]> Reviewed-by: Paul Dale <[email protected]> GH: openssl#6075
samhodge · Jul 26, 2018 · 74ee379 · 74ee379
1 parent 7c226df
commit 74ee379
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/CHANGES b/CHANGES
@@ -9,6 +9,9 @@
 
  Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
 
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+     [Kurt Roeckx]
+
   *) The 'tsget' script is renamed to 'tsget.pl', to avoid confusion when
      moving between systems, and to avoid confusion when a Windows build is
      done with mingw vs with MSVC.  For POSIX installs, there's still a

diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
@@ -141,10 +141,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x);
 int DSA_print_fp(FILE *bp, const DSA *x, int off);
 # endif
 
-# define DSS_prime_checks 50
+# define DSS_prime_checks 64
 /*
- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
- * Rabin-Miller
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
  */
 # define DSA_is_prime(n, callback, cb_arg) \
         BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)