DSA_generate_parameters_ex: use the old method for all small keys Fixes #14733 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14744)

commit: 1f99b53fe57997b72f196d54769a2fc789c69a11 [log] [tgz]
author: Tomas Mraz <tomas@openssl.org> Tue Mar 30 13:23:12 2021 +0200
committer: Tomas Mraz <tomas@openssl.org> Thu Apr 01 15:50:45 2021 +0200
tree: 0182a61f937ff6c7763f2a621df541971db53ab9
parent: 492bc359dccdcc586836f1845e8ffc6957406256 [diff]
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 3c46673..a450921 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c

@@ -58,7 +58,7 @@
         return 0;
 
     /* The old code used FIPS 186-2 DSA Parameter generation */
-    if (bits <= 1024 && seed_len == 20) {
+    if (bits < 2048 && seed_len <= 20) {
         if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
                                               bits, 160, cb))
             return 0;
commit	1f99b53fe57997b72f196d54769a2fc789c69a11	[log] [tgz]
author	Tomas Mraz <tomas@openssl.org>	Tue Mar 30 13:23:12 2021 +0200
committer	Tomas Mraz <tomas@openssl.org>	Thu Apr 01 15:50:45 2021 +0200
tree	0182a61f937ff6c7763f2a621df541971db53ab9
parent	492bc359dccdcc586836f1845e8ffc6957406256 [diff]