generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable Dual EC DRBG.

Browse Source 
Return an error if an attempt is made to enable the Dual EC DRBG: it
is not used by default.
(cherry picked from commit a4870de5aa)
This commit is contained in:
Dr. Stephen Henson
2013-09-16 05:23:44 +01:00
parent 7560f63909
commit b49df9502e
3 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/rand/rand_lib.c
View File

@@ -269,6 +269,14 @@ int RAND_init_fips(void)
DRBG_CTX *dctx;
size_t plen;
unsigned char pers[32], *p;
#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
if (fips_drbg_type >> 16)
{
RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
return 0;
}
#endif
dctx = FIPS_get_default_drbg();
if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
{