projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d4736ae)
Fix from fips branch.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 5 Oct 2007 16:47:04 +0000 (16:47 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 5 Oct 2007 16:47:04 +0000 (16:47 +0000)
crypto/dsa/dsa_gen.c patch | blob | history

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 6a6be3b57537d864aae8d49692f9abb63ee9e427..ca0b86a6cfc0f3d71a3c5146f688053ae6899700 100644 (file)
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -117,13 +117,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
        if (bits < 512) bits=512;
        bits=(bits+63)/64*64;
 
-       if (seed_len < 20)
+       /* NB: seed_len == 0 is special case: copy generated seed to
+        * seed_in if it is not NULL.
+        */
+       if (seed_len && (seed_len < 20))
                seed_in = NULL; /* seed buffer too small -- ignore */
        if (seed_len > 20) 
                seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
                                * but our internal buffers are restricted to 160 bits*/
        if ((seed_in != NULL) && (seed_len == 20))
+               {
                memcpy(seed,seed_in,seed_len);
+               /* set seed_in to NULL to avoid it being copied back */
+               seed_in = NULL;
+               }
 
        if ((ctx=BN_CTX_new()) == NULL) goto err;
 
@@ -300,7 +307,7 @@ err:
                        ok=0;
                        goto err;
                        }
-               if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+               if (seed_in != NULL) memcpy(seed_in,seed,20);
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
                }
Unnamed repository; edit this file 'description' to name the repository.