[openssl] master update

Thu Apr 1 13:50:53 UTC 2021

The branch master has been updated
       via  1f99b53fe57997b72f196d54769a2fc789c69a11 (commit)
      from  492bc359dccdcc586836f1845e8ffc6957406256 (commit)


- Log -----------------------------------------------------------------
commit 1f99b53fe57997b72f196d54769a2fc789c69a11
Author: Tomas Mraz <tomas at openssl.org>
Date:   Tue Mar 30 13:23:12 2021 +0200

    DSA_generate_parameters_ex: use the old method for all small keys
    
    Fixes #14733
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14744)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dsa/dsa_gen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 3c46673984..a450921412 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -58,7 +58,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits,
         return 0;
 
     /* The old code used FIPS 186-2 DSA Parameter generation */
-    if (bits <= 1024 && seed_len == 20) {
+    if (bits < 2048 && seed_len <= 20) {
         if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
                                               bits, 160, cb))
             return 0;
