Bug in DSA_generate_parameters_ex in 20070227 snapshot

In dsa_gen.c: for (i = qsize-1; i = 0; i--) { buf[i]++; if (buf[i] != 0) break; } i is a size_t, so the expression i = 0 is always true. If the value of seed is 0xFF...FF, the break will never be triggered either, and it will modify memory after seed. Test

Re: Bug in DSA_generate_parameters_ex in 20070227 snapshot

Jack Lloyd wrote: In dsa_gen.c: for (i = qsize-1; i = 0; i--) { buf[i]++; if (buf[i] != 0) break; } i is a size_t, so the expression i = 0 is always true. true ... 'i' is now a 'int' again. Thanks, Nils