The branch OpenSSL_1_0_1-stable has been updated via 9a9744646805bcf5d25af990be0533f71bf5edd5 (commit) from 80c25ba6764c797f52982d45a12414618d48524a (commit)
- Log ----------------------------------------------------------------- commit 9a9744646805bcf5d25af990be0533f71bf5edd5 Author: Ismo Puustinen <ismo.puusti...@intel.com> Date: Fri Aug 7 22:14:47 2015 -0400 GH367: Fix dsa keygen for too-short seed If the seed value for dsa key generation is too short (< qsize), return an error. Also update the documentation. Signed-off-by: Rich Salz <rs...@akamai.com> Reviewed-by: Emilia Käsper <emi...@openssl.org> (cherry picked from commit f00a10b89734e84fe80f98ad9e2e77b557c701ae) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 ++++++- crypto/dsa/dsa_gen.c | 31 +++++++++++++------------------ doc/crypto/DSA_generate_parameters.pod | 11 +++++------ 3 files changed, 24 insertions(+), 25 deletions(-) diff --git a/CHANGES b/CHANGES index c2aba4b..6e19f3d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,12 @@ Changes between 1.0.1p and 1.0.1q [xx XXX xxxx] - *) + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen <ismo.puusti...@intel.com>] + + *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites + from RFC4279, RFC4785, RFC5487, RFC5489. Changes between 1.0.1o and 1.0.1p [9 Jul 2015] diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index d686ab0..44c47a3 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -161,18 +161,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, bits = (bits + 63) / 64 * 64; - /* - * NB: seed_len == 0 is special case: copy generated seed to seed_in if - * it is not NULL. - */ - if (seed_len && (seed_len < (size_t)qsize)) - seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > (size_t)qsize) - seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger - * SEED, but our internal buffers are - * restricted to 160 bits */ - if (seed_in != NULL) + if (seed_in != NULL) { + if (seed_len < (size_t)qsize) + return 0; + if (seed_len > (size_t)qsize) { + /* Don't overflow seed local variable. */ + seed_len = qsize; + } memcpy(seed, seed_in, seed_len); + } if ((ctx = BN_CTX_new()) == NULL) goto err; @@ -195,20 +192,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, for (;;) { for (;;) { /* find q */ - int seed_is_random; + int seed_is_random = seed_in == NULL; /* step 1 */ if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) { - if (RAND_pseudo_bytes(seed, qsize) < 0) + if (seed_is_random) { + if (RAND_bytes(seed, qsize) <= 0) goto err; - seed_is_random = 1; } else { - seed_is_random = 0; - seed_len = 0; /* use random seed if 'seed_in' turns out to - * be bad */ + /* If we come back through, use random seed next time. */ + seed_in = NULL; } memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index be7c924..ae30824 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -17,13 +17,12 @@ DSA_generate_parameters - generate DSA parameters DSA_generate_parameters() generates primes p and q and a generator g for use in the DSA. -B<bits> is the length of the prime to be generated; the DSS allows a -maximum of 1024 bits. +B<bits> is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +at least 2048, it is set to 256 bits. -If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be -generated at random. Otherwise, the seed is used to generate -them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at B<seed>. +If B<seed> is NULL, the primes will be generated at random. +If B<seed_len> is less than the length of q, an error is returned. DSA_generate_parameters() places the iteration count in *B<counter_ret> and a counter used for finding a generator in _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits