diff options
author | Ismo Puustinen <ismo.puustinen@intel.com> | 2015-09-18 16:07:23 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-09-29 12:50:14 -0400 |
commit | 63bd50533e42ca1823a92e4ed18485d6b3dea27d (patch) | |
tree | 0c31a982b47cfbc3fe90abd5557665d78faaa7d1 | |
parent | 5872c513574c2d6720155c6316d1c53de2e916a6 (diff) |
GH367: use random data if seed too short.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 6f997dc36504d67d1339ceb6bce4ecba673d8568)
-rw-r--r-- | crypto/dsa/dsa_gen.c | 5 | ||||
-rw-r--r-- | doc/crypto/DSA_generate_parameters.pod | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 4f55331b2b..f6d7bc4795 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -183,8 +183,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) { - RAND_pseudo_bytes(seed, qsize); + if (!seed_len || !seed_in) { + if (RAND_pseudo_bytes(seed, qsize) < 0) + goto err; seed_is_random = 1; } else { seed_is_random = 0; diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index be7c924ff8..f24c9c7d44 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -23,7 +23,7 @@ maximum of 1024 bits. If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at B<seed>. +seed is chosen. DSA_generate_parameters() places the iteration count in *B<counter_ret> and a counter used for finding a generator in |