From: Dr. Stephen Henson
Date: Tue, 1 Feb 2011 17:15:19 +0000 (+0000)
Subject: fixes for DSA2 parameter generation
X-Git-Tag: OpenSSL-fips-2_0-rc1~816
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3c2c4cc5f2a1b9e25c704ea2d9e7a65bcaa4f64e;p=oweals%2Fopenssl.git
fixes for DSA2 parameter generation
---
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 7f8ee8f727..593ae55848 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -472,7 +472,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 goto err;
 if (!seed_in)
- RAND_pseudo_bytes(seed, qsize);
+ RAND_pseudo_bytes(seed, seed_len);
 /* step 2 */
 if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL)) goto err;
@@ -509,6 +509,9 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 /* do a callback call */
 /* step 5 */
 }
+ /* Copy seed to seed_out before we mess with it */
+ if (seed_out)
+ memcpy(seed_out, seed, seed_len);
 if(!BN_GENCB_call(cb, 2, 0)) goto err;
 if(!BN_GENCB_call(cb, 3, 0)) goto err;
@@ -605,7 +608,7 @@ end:
 ok=1;
 err:
- if (ok)
+ if (ok == 1)
 {
 if(ret->p) BN_free(ret->p);
 if(ret->q) BN_free(ret->q);
@@ -620,8 +623,6 @@ err:
 }
 if (counter_ret != NULL) *counter_ret=counter;
 if (h_ret != NULL) *h_ret=h;
- if (seed_out)
- memcpy(seed_out, seed, seed_len);
 }
 if (seed) OPENSSL_free(seed);
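Review bot: The result of `RAND_pseudo_bytes(seed, seed_len)` in the first hunk is still discarded, so a failing RAND method (the call returns -1 when it cannot produce bytes) leaves the seed buffer with whatever it already held and step 2 hashes it anyway. Folding the check into the guard, `if (!seed_in && RAND_pseudo_bytes(seed, seed_len) < 0) goto err;`, makes generation stop instead of continuing from an unfilled seed. dsa_builtin_paramgen2 begins and ends outside this hunk, so how seed is allocated and initialised is not visible here.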
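Review bot: The `memcpy(seed_out, seed, seed_len)` added in the second hunk now runs before the remaining generation steps, so seed_out is written even when a later step takes `goto err`; previously the copy sat in the result block at the end of the function. The earlier position is needed to capture the seed before it is modified, but the caller-facing contract should be stated next to it, for example `/* seed_out must hold at least seed_len bytes; it is filled even if generation fails later */`. Nothing in the hunk shows how large the caller's seed_out buffer is, so the length requirement should be confirmed against the callers. The function body starts and ends outside this hunk.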