DSA_generate_parameters_ex: use the old method for all small keys
author Tomas Mraz <tomas@openssl.org>
Tue, 30 Mar 2021 11:23:12 +0000 (13:23 +0200)
committer Tomas Mraz <tomas@openssl.org>
Thu, 1 Apr 2021 13:50:45 +0000 (15:50 +0200)
Fixes #14733

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14744)

crypto/dsa/dsa_gen.c

index 3c46673984b9b503c5ab6c06bdc62ec880083a95..a450921412811e4caa260e42ebcebc29415149c0 100644 (file)
@@ -58,7 +58,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits,
         return 0;
 
     /* The old code used FIPS 186-2 DSA Parameter generation */
-    if (bits <= 1024 && seed_len == 20) {
+    if (bits < 2048 && seed_len <= 20) {
         if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
                                               bits, 160, cb))
             return 0;
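
Review bot: The new condition `bits < 2048 && seed_len <= 20` widens the seed check from an exact match to an upper bound, so it now also takes the FIPS 186-2 path for a seed_len of 0, for seeds shorter than 20 bytes and, if seed_len is a signed type, for negative values. The comment above it still only says the old code used FIPS 186-2 generation and does not explain why 2048 is the cut-off or how a short or absent seed is meant to be handled. I would extend that comment to state the intended rule (for example, that every key below 2048 bits gets the old method with a 160-bit q, as the `bits, 160, cb` arguments imply) and add an explicit lower bound such as `seed_len >= 0` if negative lengths are not rejected earlier in the function. A regression test covering a size between 1025 and 2047 bits with no seed, plus one with a seed shorter than 20 bytes, would pin down the behaviour this change is meant to restore.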