Seed PRNG with DSA and ECDSA digests for additional protection against

author Dr. Stephen Henson <steve@openssl.org>

Wed, 9 Sep 2009 12:15:08 +0000 (12:15 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 9 Sep 2009 12:15:08 +0000 (12:15 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 9 Sep 2009 12:15:08 +0000 (12:15 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 9 Sep 2009 12:15:08 +0000 (12:15 +0000)
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c

index 6ac8e486e80ebe5bbb373f6eecb32e1291102cce..17555e589275eabbabab7c604d507f608b8b6d7f 100644 (file)
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -60,6 +60,7 @@
  
  #include "cryptlib.h"
  #include <openssl/dsa.h>
  
  #include "cryptlib.h"
  #include <openssl/dsa.h>
+#include <openssl/rand.h>
  
  DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         {
  
  DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         {
@@ -70,6 +71,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
              unsigned int *siglen, DSA *dsa)
         {
         DSA_SIG *s;
              unsigned int *siglen, DSA *dsa)
         {
         DSA_SIG *s;
+       RAND_seed(dgst, dlen);
         s=DSA_do_sign(dgst,dlen,dsa);
         if (s == NULL)
                 {
         s=DSA_do_sign(dgst,dlen,dsa);
         if (s == NULL)
                 {
diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c

index 74b1fe8caff4d9816a3088dde7627113c1af742f..353d5af5146def603242fb1af0090c67fc714842 100644 (file)
--- a/crypto/ecdsa/ecs_sign.c
+++ b/crypto/ecdsa/ecs_sign.c
@@ -57,6 +57,7 @@
  #ifndef OPENSSL_NO_ENGINE
  #include <openssl/engine.h>
  #endif
  #ifndef OPENSSL_NO_ENGINE
  #include <openssl/engine.h>
  #endif
+#include <openssl/rand.h>
  
  ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
  {
  
  ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
  {
@@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
         EC_KEY *eckey)
  {
         ECDSA_SIG *s;
         EC_KEY *eckey)
  {
         ECDSA_SIG *s;
+       RAND_seed(dgst, dlen);
         s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
         if (s == NULL)
         {
         s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
         if (s == NULL)
         {
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 9 Sep 2009 12:15:08 +0000 (12:15 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 9 Sep 2009 12:15:08 +0000 (12:15 +0000)
crypto/dsa/dsa_sign.c		patch \| blob \| history
crypto/ecdsa/ecs_sign.c		patch \| blob \| history