Add additional parameter to dsa_builtin_paramgen to output the generated

seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index cb0b4538a49f163109ea598fb7ba7e0f91f45263..e509dc94e870fe691c4280b8b627e765a8b9ab08 100644 (file)
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -105,12 +105,13 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
                        }
 
                return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
-                               seed_in, seed_len, counter_ret, h_ret, cb);
+                       seed_in, seed_len, NULL, counter_ret, h_ret, cb);
                }
        }
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+       unsigned char *seed_out,
        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        int ok=0;
@@ -332,6 +333,8 @@ err:
                        }
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
+               if (seed_out)
+                       memcpy(seed_out, seed, qsize);
                }
        if(ctx)
                {

diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
index 2b8cfee3dbd5e27430e79a274f533d528d6cfbb6..21e2e4524224a29224375ec2e4bfb6b346623a1e 100644 (file)
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -56,4 +56,5 @@
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+       unsigned char *seed_out,
        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 4ce91e20c64375899819bdecfb839bb23220d61f..0ad12e008df7f6802bc262ddcce056b1d2c728d7 100644 (file)
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -252,7 +252,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
        if (!dsa)
                return 0;
        ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-                                  NULL, 0, NULL, NULL, pcb);
+                                  NULL, 0, NULL, NULL, NULL, pcb);
        if (ret)
                EVP_PKEY_assign_DSA(pkey, dsa);
        else