Seed PRNG with DSA and ECDSA digests for additional protection against
authorDr. Stephen Henson <steve@openssl.org>
Wed, 9 Sep 2009 12:07:41 +0000 (12:07 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 9 Sep 2009 12:07:41 +0000 (12:07 +0000)
possible PRNG state duplication.

crypto/dsa/dsa_asn1.c
crypto/ecdsa/ecs_sign.c

index 0645facb4bfaf4773c9daf56789d7a32f50d8d58..bc7d7a02a347dd3a66be17f09388cd8e546ac12a 100644 (file)
@@ -62,6 +62,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
+#include <openssl/rand.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
@@ -155,6 +156,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
                return 0;
                }
 #endif
+       RAND_seed(dgst, dlen);
        s=DSA_do_sign(dgst,dlen,dsa);
        if (s == NULL)
                {
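Review bot: The added `RAND_seed(dgst, dlen);` ahead of the `DSA_do_sign` call credits the digest as entropy, because RAND_seed is documented as equivalent to RAND_add with the randomness estimate set to the byte count. A message digest is normally known to the verifier and often to an attacker, so it is useful for making duplicated PRNG states diverge but should not count toward the PRNG's seeded threshold. I would write `RAND_add(dgst, dlen, 0.0);` with a comment such as `/* public data: mixed in to diverge duplicated PRNG state, credited no entropy */`. The same applies to the call added in `ECDSA_sign_ex` in crypto/ecdsa/ecs_sign.c. The body of DSA_sign starts and ends outside this hunk.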
index 74b1fe8caff4d9816a3088dde7627113c1af742f..353d5af5146def603242fb1af0090c67fc714842 100644 (file)
@@ -57,6 +57,7 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include <openssl/rand.h>
 
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
 {
@@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
        EC_KEY *eckey)
 {
        ECDSA_SIG *s;
+       RAND_seed(dgst, dlen);
        s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
        if (s == NULL)
        {
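Review bot: The digest is mixed in only in the `ECDSA_sign_ex` wrapper, so a caller that goes directly to `ECDSA_do_sign` (its definition starts in the previous hunk's context) or `ECDSA_do_sign_ex` appears to get no protection against duplicated PRNG state. The same holds for `DSA_do_sign` in crypto/dsa/dsa_asn1.c, which `DSA_sign` calls right after the new line. The bodies of those functions are outside the visible hunks, so this is inferred. If they do not already mix the digest, placing the call on the `_do_sign` path, next to where the per-signature nonce is generated, would cover every entry point, and a one-line comment there should say why the digest is fed to the PRNG. ECDSA_sign_ex continues past the end of this hunk.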