From cac4fb58e02d8cf799d75212179f56c69e652ec7 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 23 Apr 2011 19:55:55 +0000
Subject: Add PRNG security strength checking.

---
 crypto/ecdsa/ecs_ossl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'crypto/ecdsa')

diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 4ed29d1889..3518bb02e1 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -133,6 +133,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
 		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
 		goto err;
 	}
+
+#ifdef OPENSSL_FIPS
+	if (!fips_check_ec_prng(eckey))
+		goto err;
+#endif
 	
 	do
 	{
@@ -235,6 +240,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 		return NULL;
 	}
 
+#ifdef OPENSSL_FIPS
+	if (!fips_check_ec_prng(eckey))
+		return NULL;
+#endif
+
 	ret = ECDSA_SIG_new();
 	if (!ret)
 	{
-- 
cgit v1.2.3