Add PRNG security strength checking.

2011-04-23 19:55:55 +00:00
parent 9e5fe439b4
commit cac4fb58e0
14 changed files with 225 additions and 12 deletions
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -133,6 +133,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
 		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
 		goto err;
 	}
+
+#ifdef OPENSSL_FIPS
+	if (!fips_check_ec_prng(eckey))
+		goto err;
+#endif
 	
 	do
 	{
@@ -235,6 +240,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 		return NULL;
 	}

+#ifdef OPENSSL_FIPS
+	if (!fips_check_ec_prng(eckey))
+		return NULL;
+#endif
+
 	ret = ECDSA_SIG_new();
 	if (!ret)
 	{