}
# endif
else {
- const EVP_MD *evpmd;
- size_t qbits = bits >= 2048 ? 256 : 160;
-
- if (bits >= 2048) {
- qbits = 256;
- evpmd = EVP_sha256();
- } else {
- qbits = 160;
- evpmd = EVP_sha1();
- }
+ const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
+ size_t qbits = EVP_MD_size(evpmd) * 8;
return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
seed_in, seed_len, NULL, counter_ret,
/* invalid q size */
return 0;
- if (evpmd == NULL)
- /* use SHA1 as default */
- evpmd = EVP_sha1();
+ if (evpmd == NULL) {
+ if (qsize == SHA_DIGEST_LENGTH)
+ evpmd = EVP_sha1();
+ else if (qsize == SHA224_DIGEST_LENGTH)
+ evpmd = EVP_sha224();
+ else
+ evpmd = EVP_sha256();
+ } else {
+ qsize = EVP_MD_size(evpmd);
+ }
if (bits < 512)
bits = 512;
bits = (bits + 63) / 64 * 64;
- if (seed_in != NULL) {
- if (seed_len < (size_t)qsize)
- return 0;
- if (seed_len > (size_t)qsize) {
- /* Only consume as much seed as is expected. */
- seed_len = qsize;
- }
+ /*
+ * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+ * it is not NULL.
+ */
+ if (seed_len && (seed_len < (size_t)qsize))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > (size_t)qsize)
+ seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
+ * SEED, but our internal buffers are
+ * restricted to 160 bits */
+ if (seed_in != NULL)
memcpy(seed, seed_in, seed_len);
- }
- if ((ctx = BN_CTX_new()) == NULL)
+ if ((mont = BN_MONT_CTX_new()) == NULL)
goto err;
- if ((mont = BN_MONT_CTX_new()) == NULL)
+ if ((ctx = BN_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
+
r0 = BN_CTX_get(ctx);
g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx);
p = BN_CTX_get(ctx);
test = BN_CTX_get(ctx);
+ if (test == NULL)
+ goto err;
+
if (!BN_lshift(test, BN_value_one(), bits - 1))
goto err;
for (;;) {
for (;;) { /* find q */
- int use_random_seed = (seed_in == NULL);
+ int seed_is_random;
/* step 1 */
if (!BN_GENCB_call(cb, 0, m++))
goto err;
- if (use_random_seed) {
+ if (!seed_len || !seed_in) {
if (RAND_bytes(seed, qsize) <= 0)
goto err;
+ seed_is_random = 1;
} else {
- /* If we come back through, use random seed next time. */
- seed_in = NULL;
+ seed_is_random = 0;
+ seed_len = 0; /* use random seed if 'seed_in' turns out to
+ * be bad */
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- use_random_seed, cb);
+ seed_is_random, cb);
if (r > 0)
break;
if (r != 0)
} else {
p = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
+ if (q == NULL)
+ goto err;
}
if (!BN_lshift(test, BN_value_one(), L - 1))
goto err;
if (!seed_in) {
- if (RAND_pseudo_bytes(seed, seed_len) < 0)
+ if (RAND_bytes(seed, seed_len) <= 0)
goto err;
}
/* step 2 */