diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 19:55:55 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 19:55:55 +0000 |
| commit | cac4fb58e02d8cf799d75212179f56c69e652ec7 (patch) | |
| tree | d96dd01b03818cc88755fee7fe19d28d3ed9b43e /crypto/ecdsa/ecs_ossl.c | |
| parent | 9e5fe439b4e8fb4198f241f2ba16a029a480d5f5 (diff) | |
| download | openssl-cac4fb58e02d8cf799d75212179f56c69e652ec7.tar.gz | |
Add PRNG security strength checking.
Diffstat (limited to 'crypto/ecdsa/ecs_ossl.c')
| -rw-r--r-- | crypto/ecdsa/ecs_ossl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 4ed29d1889..3518bb02e1 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -133,6 +133,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } + +#ifdef OPENSSL_FIPS + if (!fips_check_ec_prng(eckey)) + goto err; +#endif do { @@ -235,6 +240,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, return NULL; } +#ifdef OPENSSL_FIPS + if (!fips_check_ec_prng(eckey)) + return NULL; +#endif + ret = ECDSA_SIG_new(); if (!ret) { |