return error if counter exceeds limit and seed value supplied

[openssl.git] / crypto / dsa / dsa_gen.c

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index e88b3fcf7c58dfa08c176d3d0a732f6b7261ee87..9e3e57a828599e24c4d088319672c9575292bb41 100644 (file)
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -405,7 +405,7 @@ static int dsa2_valid_parameters(size_t L, size_t N)
        if (L == 2048 && N == 256)
                return 112;
        if (L == 3072 && N == 256)
-               return 112;
+               return 128;
        return 0;
        }
 
@@ -666,7 +666,13 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
                        /* "offset = offset + n + 1" */
 
                        /* step 14 */
-                       if (counter >= 4096) break;
+                       if (counter >= (int)(4 * L)) break;
+                       }
+               if (seed_in)
+                       {
+                       ok = 0;
+                       DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+                       goto err;
                        }
                }
 end:
@@ -691,6 +697,7 @@ end:
 
        for (;;)
                {
+               __fips_constseg
                static const unsigned char ggen[4] = {0x67,0x67,0x65,0x6e};
                if (idx >= 0)
                        {