Bug 1144655

Summary: Wrong DSA_generate_parameters result
Product: Fedora
Reporter: Ivan Romanov <drizt72>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: tmraz
Hardware: x86_64
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-09-22 09:14:48 UTC
Type: Bug
Attachments:
test-case to reproduce error (flags: none)

Description Ivan Romanov 2014-09-20 06:54:46 UTC
Created attachment 939480
test-case to reproduce error

Description of problem:
There is a DSA KeyPair Generation Algorithm. If I provide a seed for this
algorithm I must always get a constant result. http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#algspec . I wrote a minimal test-case to check this. The test-case always shows a different, wrong key. I obtained the code. It seems the provided seed is not used. DSA_generate_parameters thinks the seed is bad, so it really uses a random seed.

Version-Release number of selected component (if applicable):
openssl-1.0.1e-39.fc20.x86_64

How reproducible:
Always

Steps to Reproduce:
Unpack the archive and start build.sh. It compiles the minimal test-case and runs it.

Actual results:
Always different.

Expected results:
Constant key.

Additional info:
It works in Debian testing; also my QCA unit tests pass in the build.kde.org environment. build.kde.org also uses Debian.

Comment 1 Tomas Mraz 2014-09-22 09:14:48 UTC
The DSA parameter generation in our openssl is replaced by parameter generation based on the current FIPS specification. This means the seed for the older specification cannot be used as you found out.
Parameters < 2048 bits are not sufficiently secure anymore anyway.
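To make Comment 1 concrete, here is an added example, not OpenSSL's, Fedora's or the reporter's code, that carries out seeded DSA domain-parameter generation under the older FIPS 186-1 Appendix 2.2 procedure and under the FIPS 186-3 A.1.1.2 procedure for L=1024, N=160 with SHA-1. It assumes a 20-byte seed and, where a seed's q turns out composite, advances the seed by one (one deterministic reading of the "choose a new seed" step that both revisions leave open). Within one revision the same seed always reproduces the same (p, q); across revisions the same seed gives different parameters, and parameters made under one revision fail the regeneration check under the other, which is why a seed produced for the older procedure cannot be honoured by an implementation of the newer one.

```python
"""Seeded DSA parameter generation under FIPS 186-1 App. 2.2 and FIPS 186-3
A.1.1.2.  Added illustration only.  Assumptions: L=1024, N=160, SHA-1 for
both revisions, 20-byte seeds, composite-q seeds advanced by one."""
import hashlib

L_BITS, N_BITS, OUTLEN = 1024, 160, 160
SMALL_PRIMES = [p for p in range(2, 1000)
                if all(p % d for d in range(2, int(p ** 0.5) + 1))]


def is_probable_prime(n, rounds=32):
    """Trial division, then Miller-Rabin with fixed prime bases (demo quality)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES[:rounds]:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _sha1_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def _seed_plus(seed, k):
    """(seed + k) mod 2^seedlen, kept at the same byte length."""
    g = len(seed) * 8
    return ((int.from_bytes(seed, "big") + k) % (1 << g)).to_bytes(len(seed), "big")


def q_from_seed(seed, spec):
    """186-1 steps 2-3: SHA-1(seed) XOR SHA-1(seed+1), bits 159 and 0 set.
    186-3 steps 6-7: SHA-1(seed) mod 2^(N-1), top bit set, made odd."""
    if spec == "186-1":
        u = _sha1_int(seed) ^ _sha1_int(_seed_plus(seed, 1))
        return u | (1 << (N_BITS - 1)) | 1
    u = _sha1_int(seed) % (1 << (N_BITS - 1))
    return (1 << (N_BITS - 1)) + u + 1 - (u % 2)


def p_from_seed(seed, q, spec):
    """Walk SHA-1(seed + offset + j) looking for p = 1 (mod 2q).  The revisions
    start at offset 2 vs 1; both allow 4096 candidates at L=1024."""
    n = (L_BITS - 1) // OUTLEN          # index of the last, partial block
    b = (L_BITS - 1) - n * OUTLEN       # bits kept from that block
    offset = 2 if spec == "186-1" else 1
    for counter in range(4 * L_BITS):
        w = 0
        for j in range(n + 1):
            v = _sha1_int(_seed_plus(seed, offset + j))
            if j == n:
                v %= 1 << b
            w += v << (j * OUTLEN)
        x = w + (1 << (L_BITS - 1))     # force bit L-1
        p = x - (x % (2 * q) - 1)       # now p = 1 (mod 2q)
        if p >= (1 << (L_BITS - 1)) and is_probable_prime(p):
            return p, counter
        offset += n + 1
    return None


def generate(seed, spec):
    """Same seed and spec always yield the same (p, q, seed_used, counter)."""
    while True:
        q = q_from_seed(seed, spec)
        if is_probable_prime(q):
            found = p_from_seed(seed, q, spec)
            if found is not None:
                return found[0], q, seed, found[1]
        seed = _seed_plus(seed, 1)       # demo convention, see docstring


def validate(p, q, seed, counter, spec):
    """Regenerate from (seed, counter) and compare; fails for a seed made
    under the other revision."""
    if q != q_from_seed(seed, spec) or not is_probable_prime(q):
        return False
    return p_from_seed(seed, q, spec) == (p, counter)


def demo(seed):
    """Generate under both revisions from one seed and cross-validate."""
    old = generate(seed, "186-1")
    new = generate(seed, "186-3")
    return {"old": old, "new": new,
            "old_valid_under_186_1": validate(*old, "186-1"),
            "old_valid_under_186_3": validate(*old, "186-3"),
            "new_valid_under_186_3": validate(*new, "186-3")}


if __name__ == "__main__":
    for k, v in demo(bytes(range(20))).items():   # constructed seed
        print(k, ("q=%x counter=%d" % (v[1], v[3])) if isinstance(v, tuple) else v)
```

The check a caller can make against any implementation is the one validate() performs: keep the seed you passed in together with the counter the library returns, regenerate, and compare. If the library silently replaced the seed with a random one, as the reporter observed, regeneration does not reproduce p and q, and if the library follows a different revision of the standard than the seed was made for, it never will.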