GH367: Fix dsa keygen for too-short seed If the seed value for dsa key generation is too short (< qsize), return an error. Also update the documentation. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index d2a0418..92c89a0 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod
@@ -23,13 +23,12 @@ DSA_generate_parameters_ex() generates primes p and q and a generator g for use in the DSA and stores the result in B<dsa>. -B<bits> is the length of the prime to be generated; the DSS allows a -maximum of 1024 bits. +B<bits> is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +at least 2048, it is set to 256 bits. -If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be -generated at random. Otherwise, the seed is used to generate -them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at B<seed>. +If B<seed> is NULL, the primes will be generated at random. +If B<seed_len> is less than the length of q, an error is returned. DSA_generate_parameters_ex() places the iteration count in *B<counter_ret> and a counter used for finding a generator in