|
|
@@ -487,16 +487,14 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, |
|
|
|
|
|
|
|
bits = (bits + 63) / 64 * 64; |
|
|
|
|
|
|
|
/* NB: seed_len == 0 is special case: copy generated seed to |
|
|
|
* seed_in if it is not NULL. */ |
|
|
|
if (seed_len && (seed_len < (size_t)qsize)) { |
|
|
|
seed_in = NULL; /* seed buffer too small -- ignore */ |
|
|
|
} |
|
|
|
if (seed_len > (size_t)qsize) { |
|
|
|
seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, |
|
|
|
* but our internal buffers are restricted to 160 bits*/ |
|
|
|
} |
|
|
|
if (seed_in != NULL) { |
|
|
|
if (seed_len < (size_t)qsize) { |
|
|
|
return 0; |
|
|
|
} |
|
|
|
if (seed_len > (size_t)qsize) { |
|
|
|
/* Only consume as much seed as is expected. */ |
|
|
|
seed_len = qsize; |
|
|
|
} |
|
|
|
memcpy(seed, seed_in, seed_len); |
|
|
|
} |
|
|
|
|
|
|
@@ -527,21 +525,19 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, |
|
|
|
for (;;) { |
|
|
|
/* Find q. */ |
|
|
|
for (;;) { |
|
|
|
int seed_is_random; |
|
|
|
|
|
|
|
/* step 1 */ |
|
|
|
if (!BN_GENCB_call(cb, 0, m++)) { |
|
|
|
goto err; |
|
|
|
} |
|
|
|
|
|
|
|
if (!seed_len) { |
|
|
|
int use_random_seed = (seed_in == NULL); |
|
|
|
if (use_random_seed) { |
|
|
|
if (!RAND_bytes(seed, qsize)) { |
|
|
|
goto err; |
|
|
|
} |
|
|
|
seed_is_random = 1; |
|
|
|
} else { |
|
|
|
seed_is_random = 0; |
|
|
|
seed_len = 0; /* use random seed if 'seed_in' turns out to be bad*/ |
|
|
|
/* If we come back through, use random seed next time. */ |
|
|
|
seed_in = NULL; |
|
|
|
} |
|
|
|
memcpy(buf, seed, qsize); |
|
|
|
memcpy(buf2, seed, qsize); |
|
|
@@ -570,7 +566,7 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, |
|
|
|
} |
|
|
|
|
|
|
|
/* step 4 */ |
|
|
|
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); |
|
|
|
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb); |
|
|
|
if (r > 0) { |
|
|
|
break; |
|
|
|
} |
|
|
|