[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Rich Salz rsalz at openssl.org
Fri Sep 18 19:56:57 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  6be18a22199de4d114b53686c31ba02723fc2c18 (commit)
      from  197db2143c9e0324300cc631740844df651a05ff (commit)


- Log -----------------------------------------------------------------
commit 6be18a22199de4d114b53686c31ba02723fc2c18
Author: Rich Salz <rsalz at akamai.com>
Date:   Thu Sep 17 21:53:43 2015 -0400

    This undoes GH367 for non-master
    
    Was only approved for master, to avoid compatibility issues on
    previous releases.
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/dsa/dsa_gen.c                   | 33 +++++++++++++++++++--------------
 doc/crypto/DSA_generate_parameters.pod | 11 ++++++-----
 2 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index f65790c..5a328aa 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -163,15 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 
     bits = (bits + 63) / 64 * 64;
 
-    if (seed_in != NULL) {
-        if (seed_len < (size_t)qsize)
-            return 0;
-        if (seed_len > (size_t)qsize) {
-            /* Only consume as much seed as is expected. */
-            seed_len = qsize;
-        }
+    /*
+     * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+     * it is not NULL.
+     */
+    if (seed_len && (seed_len < (size_t)qsize))
+        seed_in = NULL;         /* seed buffer too small -- ignore */
+    if (seed_len > (size_t)qsize)
+        seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger
+                                 * SEED, but our internal buffers are
+                                 * restricted to 160 bits */
+    if (seed_in != NULL)
         memcpy(seed, seed_in, seed_len);
-    }
 
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
@@ -194,18 +197,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 
     for (;;) {
         for (;;) {              /* find q */
-            int use_random_seed = (seed_in == NULL);
+            int seed_is_random;
 
             /* step 1 */
             if (!BN_GENCB_call(cb, 0, m++))
                 goto err;
 
-            if (use_random_seed) {
-                if (RAND_bytes(seed, qsize) <= 0)
+            if (!seed_len) {
+                if (RAND_pseudo_bytes(seed, qsize) < 0)
                     goto err;
+                seed_is_random = 1;
             } else {
-                /* If we come back through, use random seed next time. */
-                seed_in = NULL;
+                seed_is_random = 0;
+                seed_len = 0;   /* use random seed if 'seed_in' turns out to
+                                 * be bad */
             }
             memcpy(buf, seed, qsize);
             memcpy(buf2, seed, qsize);
@@ -232,7 +237,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 
             /* step 4 */
             r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-                                        use_random_seed, cb);
+                                        seed_is_random, cb);
             if (r > 0)
                 break;
             if (r != 0)
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index 116ff09..16a67f2 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -23,12 +23,13 @@ Deprecated:
 DSA_generate_parameters_ex() generates primes p and q and a generator g
 for use in the DSA and stores the result in B<dsa>.
 
-B<bits> is the length of the prime p to be generated.
-For lengths under 2048 bits, the length of q is 160 bits; for lengths
-greater than or equal to 2048 bits, the length of q is set to 256 bits.
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.
 
-If B<seed> is NULL, the primes will be generated at random.
-If B<seed_len> is less than the length of q, an error is returned.
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.
 
 DSA_generate_parameters_ex() places the iteration count in
 *B<counter_ret> and a counter used for finding a generator in


More information about the openssl-commits mailing list