From: Tomas Mraz Date: Tue, 30 Mar 2021 11:23:12 +0000 (+0200) Subject: DSA_generate_parameters_ex: use the old method for all small keys X-Git-Tag: openssl-3.0.0-alpha14~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f99b53fe57997b72f196d54769a2fc789c69a11;p=thirdparty%2Fopenssl.git DSA_generate_parameters_ex: use the old method for all small keys Fixes #14733 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14744) --- diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 3c46673984b..a4509214128 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -58,7 +58,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits, return 0; /* The old code used FIPS 186-2 DSA Parameter generation */ - if (bits <= 1024 && seed_len == 20) { + if (bits < 2048 && seed_len <= 20) { if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2, bits, 160, cb)) return 0;
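Review bot: The widened condition `if (bits < 2048 && seed_len <= 20)` is not explained by the comment directly above it, which still says only that the old code used FIPS 186-2 parameter generation. With this change every size from 1025 to 2047 bits takes the `DSA_PARAMGEN_TYPE_FIPS_186_2` branch with the fixed `160` argument passed to `ossl_dsa_generate_ffc_parameters`, and any seed_len below 20 (including 0, and negative values if the parameter is signed) now matches where only exactly 20 did before. Please extend the comment to say why 2048 is the cutoff and which seed_len values are expected to reach this branch, and confirm whether a lower bound on seed_len is enforced somewhere, since nothing in the visible context shows one. A regression test covering the case reported in #14733 would be worth adding alongside this change.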