From: Dr. Stephen Henson Date: Wed, 9 Sep 2009 12:15:08 +0000 (+0000) Subject: Seed PRNG with DSA and ECDSA digests for additional protection against X-Git-Tag: OpenSSL-fips-2_0-rc1~1542 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8c7168698ee338f202d23da9805981c57a8b3a33;p=oweals%2Fopenssl.git Seed PRNG with DSA and ECDSA digests for additional protection against possible PRNG state duplication. --- diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 6ac8e486e8..17555e5892 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include +#include DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { @@ -70,6 +71,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa) { DSA_SIG *s; + RAND_seed(dgst, dlen); s=DSA_do_sign(dgst,dlen,dsa); if (s == NULL) { diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c index 74b1fe8caf..353d5af514 100644 --- a/crypto/ecdsa/ecs_sign.c +++ b/crypto/ecdsa/ecs_sign.c @@ -57,6 +57,7 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#include ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { @@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char EC_KEY *eckey) { ECDSA_SIG *s; + RAND_seed(dgst, dlen); s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); if (s == NULL) {