diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2007-10-05 16:47:04 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-10-05 16:47:04 +0000 |
commit | fb8fcce2ac9e1a8a31f90349c14475548503a81c (patch) | |
tree | d48d305a0315b039afa94916e8f3ec17e12f963d | |
parent | d4736ae701cf2c5b4961066214ab03e8bce216aa (diff) | |
download | openssl-fb8fcce2ac9e1a8a31f90349c14475548503a81c.tar.gz |
Fix from fips branch.
-rw-r--r-- | crypto/dsa/dsa_gen.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 6a6be3b575..ca0b86a6cf 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -117,13 +117,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, if (bits < 512) bits=512; bits=(bits+63)/64*64; - if (seed_len < 20) + /* NB: seed_len == 0 is special case: copy generated seed to + * seed_in if it is not NULL. + */ + if (seed_len && (seed_len < 20)) seed_in = NULL; /* seed buffer too small -- ignore */ if (seed_len > 20) seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, * but our internal buffers are restricted to 160 bits*/ if ((seed_in != NULL) && (seed_len == 20)) + { memcpy(seed,seed_in,seed_len); + /* set seed_in to NULL to avoid it being copied back */ + seed_in = NULL; + } if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -300,7 +307,7 @@ err: ok=0; goto err; } - if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); + if (seed_in != NULL) memcpy(seed_in,seed,20); if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; } |