From d72b516c29e21f07e2dac2612d9571614172a304 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Tue, 23 Jan 2018 13:19:27 -0500
Subject: [PATCH] Make 2048-bit modulus default for DSA (GH #571)

---
 dsa.h        |  2 +-
 gfpcrypt.cpp |  2 +-
 gfpcrypt.h   | 24 +++++++++++++++++++++---
 tiger.h      |  2 +-
 4 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/dsa.h b/dsa.h
index 21cd1a74..cd3f0ae7 100644
--- a/dsa.h
+++ b/dsa.h
@@ -13,7 +13,7 @@ NAMESPACE_BEGIN(CryptoPP)
 
 /// \brief DSA Signature Format
 /// \details The DSA signature format used by Crypto++ is as defined by IEEE P1363.
-///   Java nad .Net use the DER format, and OpenPGP uses the OpenPGP format.
+///   Java and .Net use the DER format, and OpenPGP uses the OpenPGP format.
 enum DSASignatureFormat {
 	/// \brief Crypto++ native signature encoding format
 	DSA_P1363,
diff --git a/gfpcrypt.cpp b/gfpcrypt.cpp
index 6494b084..c54c4ee1 100644
--- a/gfpcrypt.cpp
+++ b/gfpcrypt.cpp
@@ -45,7 +45,7 @@ void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const Na
 	}
 	else
 	{
-		int modulusSize = 1024, defaultSubgroupOrderSize;
+		int modulusSize = 2048, defaultSubgroupOrderSize;
 		alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
 
 		switch (modulusSize)
diff --git a/gfpcrypt.h b/gfpcrypt.h
index 20ecd8d8..1b26a56b 100644
--- a/gfpcrypt.h
+++ b/gfpcrypt.h
@@ -628,9 +628,27 @@ struct DL_Keys_DSA
 
 /// \brief DSA signature scheme
 /// \tparam H HashTransformation derived class
-/// \details The class is named DSA2 instead of DSA for backwards compatibility because DSA was a non-template class.
-/// \sa <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, as specified in FIPS 186-3
-/// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2
+/// \details The class is named DSA2 instead of DSA for backwards compatibility because
+///   DSA was a non-template class.
+/// \details DSA default method GenerateRandom uses a 2048-bit modulus and a 224-bit subgoup by default.
+///   The modulus can be changed using the following code:
+/// <pre>
+///   DSA::PrivateKey privateKey;
+///   privateKey.GenerateRandomWithKeySize(prng, 2048);
+/// </pre>
+/// \details The subgroup order can be changed using the following code:
+/// <pre>
+///   AlgorithmParameters params = MakeParameters
+///     (Name::ModulusSize(), 2048)
+///     (Name::SubgroupOrderSize(), 256);
+///
+///   DSA::PrivateKey privateKey;
+///   privateKey.GenerateRandom(prng, params);
+/// </pre>
+/// \sa <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, as specified in FIPS 186-3,
+///   <a href="https://www.cryptopp.com/wiki/Digital_Signature_Algorithm">Digital Signature Algorithm</a> on the wiki, and
+///   <a href="https://www.cryptopp.com/wiki/NameValuePairs">NameValuePairs</a> on the wiki.
+/// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2, Crypto++ 6.1 for 2048-bit modulus.
 template <class H>
 class DSA2 : public DL_SS<
     DL_Keys_DSA,
diff --git a/tiger.h b/tiger.h
index 107a5d1c..2e1d9343 100644
--- a/tiger.h
+++ b/tiger.h
@@ -18,7 +18,7 @@
 
 NAMESPACE_BEGIN(CryptoPP)
 
-/// \brief Tiger message digest 
+/// \brief Tiger message digest
 /// \sa <a href="http://www.cryptolounge.org/wiki/Tiger">Tiger</a>
 /// \since Crypto++ 2.1
 class Tiger : public IteratedHashWithStaticTransform<word64, LittleEndian, 64, 24, Tiger>