Fix from fips branch.

author: Dr. Stephen Henson <steve@openssl.org> 2007-10-05 16:47:04 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-10-05 16:47:04 +0000
commit: fb8fcce2ac9e1a8a31f90349c14475548503a81c (patch)
tree: d48d305a0315b039afa94916e8f3ec17e12f963d
parent: d4736ae701cf2c5b4961066214ab03e8bce216aa (diff)
download: openssl-fb8fcce2ac9e1a8a31f90349c14475548503a81c.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 6a6be3b575..ca0b86a6cf 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -117,13 +117,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
 	if (bits < 512) bits=512;
 	bits=(bits+63)/64*64;
 
-	if (seed_len < 20)
+	/* NB: seed_len == 0 is special case: copy generated seed to
+ 	 * seed_in if it is not NULL.
+ 	 */
+	if (seed_len && (seed_len < 20))
 		seed_in = NULL; /* seed buffer too small -- ignore */
 	if (seed_len > 20) 
 		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
 		                * but our internal buffers are restricted to 160 bits*/
 	if ((seed_in != NULL) && (seed_len == 20))
+		{
 		memcpy(seed,seed_in,seed_len);
+		/* set seed_in to NULL to avoid it being copied back */
+		seed_in = NULL;
+		}
 
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
@@ -300,7 +307,7 @@ err:
 			ok=0;
 			goto err;
 			}
-		if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+		if (seed_in != NULL) memcpy(seed_in,seed,20);
 		if (counter_ret != NULL) *counter_ret=counter;
 		if (h_ret != NULL) *h_ret=h;
 		}
author	Dr. Stephen Henson <steve@openssl.org>	2007-10-05 16:47:04 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-10-05 16:47:04 +0000
commit	fb8fcce2ac9e1a8a31f90349c14475548503a81c (patch)
tree	d48d305a0315b039afa94916e8f3ec17e12f963d
parent	d4736ae701cf2c5b4961066214ab03e8bce216aa (diff)
download	openssl-fb8fcce2ac9e1a8a31f90349c14475548503a81c.tar.gz