diff options
| author | Ismo Puustinen <ismo.puustinen@intel.com> | 2015-08-07 22:14:47 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-08-27 22:57:00 -0400 |
| commit | f00a10b89734e84fe80f98ad9e2e77b557c701ae (patch) | |
| tree | 02de00521051974d7b2caa2d1c4925cb3c98fcac /crypto/dsa/dsa_gen.c | |
| parent | 3c65047d30dacca345d30269b95af4a5c413e8d1 (diff) | |
| download | openssl-f00a10b89734e84fe80f98ad9e2e77b557c701ae.zip openssl-f00a10b89734e84fe80f98ad9e2e77b557c701ae.tar.gz openssl-f00a10b89734e84fe80f98ad9e2e77b557c701ae.tar.bz2 | |
GH367: Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'crypto/dsa/dsa_gen.c')
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index e030cfa..a4fae17 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -132,18 +132,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, bits = (bits + 63) / 64 * 64; - /* - * NB: seed_len == 0 is special case: copy generated seed to seed_in if - * it is not NULL. - */ - if (seed_len && (seed_len < (size_t)qsize)) - seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > (size_t)qsize) - seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger - * SEED, but our internal buffers are - * restricted to 160 bits */ - if (seed_in != NULL) + if (seed_in != NULL) { + if (seed_len < (size_t)qsize) + return 0; + if (seed_len > (size_t)qsize) { + /* Don't overflow seed local variable. */ + seed_len = qsize; + } memcpy(seed, seed_in, seed_len); + } if ((ctx = BN_CTX_new()) == NULL) goto err; @@ -166,20 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, for (;;) { for (;;) { /* find q */ - int seed_is_random; + int seed_is_random = seed_in == NULL; /* step 1 */ if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) { + if (seed_is_random) { if (RAND_bytes(seed, qsize) <= 0) goto err; - seed_is_random = 1; } else { - seed_is_random = 0; - seed_len = 0; /* use random seed if 'seed_in' turns out to - * be bad */ + /* If we come back through, use random seed next time. */ + seed_in = NULL; } memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); |