Commit 8c716869 authored Sep 09, 2009 by Dr. Stephen Henson

Seed PRNG with DSA and ECDSA digests for additional protection against

possible PRNG state duplication.

parent b5ca7df5

crypto/dsa/dsa_sign.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -60,6 +60,7 @@

		#include "cryptlib.h"
		#include <openssl/dsa.h>
		#include <openssl/rand.h>

		DSA_SIG * DSA_do_sign(const unsigned char dgst, int dlen, DSA dsa)
		{
		@@ -70,6 +71,7 @@ int DSA_sign(int type, const unsigned char dgst, int dlen, unsigned char sig,
		unsigned int siglen, DSA dsa)
		{
		DSA_SIG *s;
		RAND_seed(dgst, dlen);
		s=DSA_do_sign(dgst,dlen,dsa);
		if (s == NULL)
		{

crypto/ecdsa/ecs_sign.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -57,6 +57,7 @@
		#ifndef OPENSSL_NO_ENGINE
		#include <openssl/engine.h>
		#endif
		#include <openssl/rand.h>

		ECDSA_SIG ECDSA_do_sign(const unsigned char dgst, int dlen, EC_KEY *eckey)
		{
		@@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
		EC_KEY *eckey)
		{
		ECDSA_SIG *s;
		RAND_seed(dgst, dlen);
		s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
		if (s == NULL)
		{