[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Rich Salz
rsalz at openssl.org
Fri Aug 28 15:25:49 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 9a9744646805bcf5d25af990be0533f71bf5edd5 (commit)
from 80c25ba6764c797f52982d45a12414618d48524a (commit)
- Log -----------------------------------------------------------------
commit 9a9744646805bcf5d25af990be0533f71bf5edd5
Author: Ismo Puustinen <ismo.puustinen at intel.com>
Date: Fri Aug 7 22:14:47 2015 -0400
GH367: Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.
Signed-off-by: Rich Salz <rsalz at akamai.com>
Reviewed-by: Emilia Käsper <emilia at openssl.org>
(cherry picked from commit f00a10b89734e84fe80f98ad9e2e77b557c701ae)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 7 ++++++-
crypto/dsa/dsa_gen.c | 31 +++++++++++++------------------
doc/crypto/DSA_generate_parameters.pod | 11 +++++------
3 files changed, 24 insertions(+), 25 deletions(-)
diff --git a/CHANGES b/CHANGES
index c2aba4b..6e19f3d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,12 @@
Changes between 1.0.1p and 1.0.1q [xx XXX xxxx]
- *)
+ *) In DSA_generate_parameters_ex, if the provided seed is too short,
+ return an error
+ [Rich Salz and Ismo Puustinen <ismo.puustinen at intel.com>]
+
+ *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
+ from RFC4279, RFC4785, RFC5487, RFC5489.
Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index d686ab0..44c47a3 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -161,18 +161,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
bits = (bits + 63) / 64 * 64;
- /*
- * NB: seed_len == 0 is special case: copy generated seed to seed_in if
- * it is not NULL.
- */
- if (seed_len && (seed_len < (size_t)qsize))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > (size_t)qsize)
- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
- * SEED, but our internal buffers are
- * restricted to 160 bits */
- if (seed_in != NULL)
+ if (seed_in != NULL) {
+ if (seed_len < (size_t)qsize)
+ return 0;
+ if (seed_len > (size_t)qsize) {
+ /* Don't overflow seed local variable. */
+ seed_len = qsize;
+ }
memcpy(seed, seed_in, seed_len);
+ }
if ((ctx = BN_CTX_new()) == NULL)
goto err;
@@ -195,20 +192,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
for (;;) {
for (;;) { /* find q */
- int seed_is_random;
+ int seed_is_random = seed_in == NULL;
/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;
- if (!seed_len) {
- if (RAND_pseudo_bytes(seed, qsize) < 0)
+ if (seed_is_random) {
+ if (RAND_bytes(seed, qsize) <= 0)
goto err;
- seed_is_random = 1;
} else {
- seed_is_random = 0;
- seed_len = 0; /* use random seed if 'seed_in' turns out to
- * be bad */
+ /* If we come back through, use random seed next time. */
+ seed_in = NULL;
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index be7c924..ae30824 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -17,13 +17,12 @@ DSA_generate_parameters - generate DSA parameters
DSA_generate_parameters() generates primes p and q and a generator g
for use in the DSA.
-B<bits> is the length of the prime to be generated; the DSS allows a
-maximum of 1024 bits.
+B<bits> is the length of the prime p to be generated.
+For lengths under 2048 bits, the length of q is 160 bits; for lengths
+at least 2048, it is set to 256 bits.
-If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
-generated at random. Otherwise, the seed is used to generate
-them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at B<seed>.
+If B<seed> is NULL, the primes will be generated at random.
+If B<seed_len> is less than the length of q, an error is returned.
DSA_generate_parameters() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
More information about the openssl-commits
mailing list