From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 25 Nov 2011 16:03:27 +0000 (+0000)
Subject: return error if counter exceeds limit and seed value supplied
X-Git-Tag: OpenSSL-fips-2_0-rc5~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31bf5f13e0250890b5711478c23ba6def7966f5e;p=thirdparty%2Fopenssl.git

return error if counter exceeds limit and seed value supplied
---

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 3b49420c762..9e3e57a8285 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -668,6 +668,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 			/* step 14 */
 			if (counter >= (int)(4 * L)) break;
 			}
+		if (seed_in)
+			{
+			ok = 0;
+			DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+			goto err;
+			}
 		}
 end:
 	if(!BN_GENCB_call(cb, 2, 1))