diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 19:55:55 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 19:55:55 +0000 |
commit | cac4fb58e02d8cf799d75212179f56c69e652ec7 (patch) | |
tree | d96dd01b03818cc88755fee7fe19d28d3ed9b43e /crypto/dsa/dsa_ossl.c | |
parent | 9e5fe439b4e8fb4198f241f2ba16a029a480d5f5 (diff) | |
download | openssl-cac4fb58e02d8cf799d75212179f56c69e652ec7.zip openssl-cac4fb58e02d8cf799d75212179f56c69e652ec7.tar.gz openssl-cac4fb58e02d8cf799d75212179f56c69e652ec7.tar.bz2 |
Add PRNG security strength checking.
Diffstat (limited to 'crypto/dsa/dsa_ossl.c')
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index f1512a4..acf7af9 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -150,11 +150,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return NULL; } - if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL); return NULL; } + if (!fips_check_dsa_prng(dsa, 0, 0)) + goto err; #endif BN_init(&m); |