2 files changed, 14 insertions, 8 deletions

diff --git a/src/lib/math/numbertheory/dsa_gen.cpp b/src/lib/math/numbertheory/dsa_gen.cpp
index a01810025..2f952356f 100644
--- a/src/lib/math/numbertheory/dsa_gen.cpp
+++ b/src/lib/math/numbertheory/dsa_gen.cpp
@@ -39,7 +39,8 @@ bool fips186_3_valid_size(size_t pbits, size_t qbits)
 bool generate_dsa_primes(RandomNumberGenerator& rng,
                          BigInt& p, BigInt& q,
                          size_t pbits, size_t qbits,
-                         const std::vector<uint8_t>& seed_c)
+                         const std::vector<uint8_t>& seed_c,
+                         size_t offset)
    {
    if(!fips186_3_valid_size(pbits, qbits))
       throw Invalid_Argument(
@@ -98,14 +99,17 @@ bool generate_dsa_primes(RandomNumberGenerator& rng,
          hash->final(&V[HASH_SIZE * (n-k)]);
          }
 
-      X.binary_decode(&V[HASH_SIZE - 1 - b/8],
-                      V.size() - (HASH_SIZE - 1 - b/8));
-      X.set_bit(pbits-1);
+      if(j >= offset)
+         {
+         X.binary_decode(&V[HASH_SIZE - 1 - b/8],
+                         V.size() - (HASH_SIZE - 1 - b/8));
+         X.set_bit(pbits-1);
 
-      p = X - (X % (2*q) - 1);
+         p = X - (X % (2*q) - 1);
 
-      if(p.bits() == pbits && is_prime(p, rng))
-         return true;
+         if(p.bits() == pbits && is_prime(p, rng))
+            return true;
+         }
       }
    return false;
    }
diff --git a/src/lib/math/numbertheory/numthry.h b/src/lib/math/numbertheory/numthry.h
index 6d6991c15..536dd069c 100644
--- a/src/lib/math/numbertheory/numthry.h
+++ b/src/lib/math/numbertheory/numthry.h
@@ -223,6 +223,7 @@ generate_dsa_primes(RandomNumberGenerator& rng,
 * @param pbits how long p will be in bits
 * @param qbits how long q will be in bits
 * @param seed the seed used to generate the parameters
+* @param offset optional offset from seed to start searching at
 * @return true if seed generated a valid DSA parameter set, otherwise
           false. p_out and q_out are only valid if true was returned.
 */
@@ -230,7 +231,8 @@ bool BOTAN_DLL
 generate_dsa_primes(RandomNumberGenerator& rng,
                     BigInt& p_out, BigInt& q_out,
                     size_t pbits, size_t qbits,
-                    const std::vector<uint8_t>& seed);
+                    const std::vector<uint8_t>& seed,
+                    size_t offset = 0);
 
 /**
 * The size of the PRIMES[] array