[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Rich Salz
rsalz at openssl.org
Fri Sep 18 19:56:51 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 628c15039fd3e20980a587b71683d786a8addcd4 (commit)
from a50a8a76dd19bdcb3c2544fbf36e9238779cef3a (commit)
- Log -----------------------------------------------------------------
commit 628c15039fd3e20980a587b71683d786a8addcd4
Author: Rich Salz <rsalz at akamai.com>
Date: Thu Sep 17 21:53:43 2015 -0400
This undoes GH367 for non-master
Was only approved for master, to avoid compatibility issues on
previous releases.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
(cherry picked from commit 6be18a22199de4d114b53686c31ba02723fc2c18)
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_gen.c | 33 +++++++++++++++++++--------------
doc/crypto/DSA_generate_parameters.pod | 11 ++++++-----
2 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 1f12d6b..d686ab0 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -161,15 +161,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
bits = (bits + 63) / 64 * 64;
- if (seed_in != NULL) {
- if (seed_len < (size_t)qsize)
- return 0;
- if (seed_len > (size_t)qsize) {
- /* Only consume as much seed as is expected. */
- seed_len = qsize;
- }
+ /*
+ * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+ * it is not NULL.
+ */
+ if (seed_len && (seed_len < (size_t)qsize))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > (size_t)qsize)
+ seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
+ * SEED, but our internal buffers are
+ * restricted to 160 bits */
+ if (seed_in != NULL)
memcpy(seed, seed_in, seed_len);
- }
if ((ctx = BN_CTX_new()) == NULL)
goto err;
@@ -192,18 +195,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
for (;;) {
for (;;) { /* find q */
- int use_random_seed = (seed_in == NULL);
+ int seed_is_random;
/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;
- if (use_random_seed) {
- if (RAND_bytes(seed, qsize) <= 0)
+ if (!seed_len) {
+ if (RAND_pseudo_bytes(seed, qsize) < 0)
goto err;
+ seed_is_random = 1;
} else {
- /* If we come back through, use random seed next time. */
- seed_in = NULL;
+ seed_is_random = 0;
+ seed_len = 0; /* use random seed if 'seed_in' turns out to
+ * be bad */
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
@@ -230,7 +235,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- use_random_seed, cb);
+ seed_is_random, cb);
if (r > 0)
break;
if (r != 0)
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index b64a276..be7c924 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -17,12 +17,13 @@ DSA_generate_parameters - generate DSA parameters
DSA_generate_parameters() generates primes p and q and a generator g
for use in the DSA.
-B<bits> is the length of the prime p to be generated.
-For lengths under 2048 bits, the length of q is 160 bits; for lengths
-greater than or equal to 2048 bits, the length of q is set to 256 bits.
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.
-If B<seed> is NULL, the primes will be generated at random.
-If B<seed_len> is less than the length of q, an error is returned.
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.
DSA_generate_parameters() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
More information about the openssl-commits
mailing list