diff options
| -rw-r--r-- | CHANGES | 4 | ||||
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 29 | ||||
| -rw-r--r-- | doc/crypto/DSA_generate_parameters.pod | 11 |
3 files changed, 21 insertions, 23 deletions
@@ -4,6 +4,10 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>] + *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites from RFC4279, RFC4785, RFC5487, RFC5489. diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index e030cfa1e9..a4fae17667 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -132,18 +132,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, bits = (bits + 63) / 64 * 64; - /* - * NB: seed_len == 0 is special case: copy generated seed to seed_in if - * it is not NULL. - */ - if (seed_len && (seed_len < (size_t)qsize)) - seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > (size_t)qsize) - seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger - * SEED, but our internal buffers are - * restricted to 160 bits */ - if (seed_in != NULL) + if (seed_in != NULL) { + if (seed_len < (size_t)qsize) + return 0; + if (seed_len > (size_t)qsize) { + /* Don't overflow seed local variable. */ + seed_len = qsize; + } memcpy(seed, seed_in, seed_len); + } if ((ctx = BN_CTX_new()) == NULL) goto err; @@ -166,20 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, for (;;) { for (;;) { /* find q */ - int seed_is_random; + int seed_is_random = seed_in == NULL; /* step 1 */ if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) { + if (seed_is_random) { if (RAND_bytes(seed, qsize) <= 0) goto err; - seed_is_random = 1; } else { - seed_is_random = 0; - seed_len = 0; /* use random seed if 'seed_in' turns out to - * be bad */ + /* If we come back through, use random seed next time. */ + seed_in = NULL; } memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index d2a0418b52..92c89a07eb 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -23,13 +23,12 @@ Deprecated: DSA_generate_parameters_ex() generates primes p and q and a generator g for use in the DSA and stores the result in B<dsa>. -B<bits> is the length of the prime to be generated; the DSS allows a -maximum of 1024 bits. +B<bits> is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +at least 2048, it is set to 256 bits. -If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be -generated at random. Otherwise, the seed is used to generate -them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at B<seed>. +If B<seed> is NULL, the primes will be generated at random. +If B<seed_len> is less than the length of q, an error is returned. DSA_generate_parameters_ex() places the iteration count in *B<counter_ret> and a counter used for finding a generator in |