DSA FIPS186-4 key generation: print the required seed length on mismatch

diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c
index ca073b452e8441d0394c0965ce677fc781a8ba5f..75a7535893659a0be77c53217b2aba7d3dbd14c7 100644 (file)
--- a/lib/nettle/int/dsa-keygen-fips186.c
+++ b/lib/nettle/int/dsa-keygen-fips186.c
@@ -424,8 +424,10 @@ _dsa_generate_dss_pqg(struct dsa_params *params,
        if (cert->seed_length > sizeof(cert->seed))
                return 0;
 
-       if (cert->seed_length != seed_size)
+       if (cert->seed_length != seed_size) {
+               _gnutls_debug_log("Seed length must be %d bytes\n", cert->seed_length);
                return 0;
+       }
 
        memcpy(cert->seed, seed, cert->seed_length);