Add PRNG security strength checking.

author: Dr. Stephen Henson <steve@openssl.org> 2011-04-23 19:55:55 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-23 19:55:55 +0000
commit: cac4fb58e02d8cf799d75212179f56c69e652ec7 (patch)
tree: d96dd01b03818cc88755fee7fe19d28d3ed9b43e /crypto/dsa/dsa_ossl.c
parent: 9e5fe439b4e8fb4198f241f2ba16a029a480d5f5 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f1512a40dd..acf7af95c4 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -150,11 +150,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	    return NULL;
 	    }
 
-	if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+	if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
+		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
 		{
 		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
 		return NULL;
 		}
+	if (!fips_check_dsa_prng(dsa, 0, 0))
+		goto err;
 #endif
 
 	BN_init(&m);
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-23 19:55:55 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-23 19:55:55 +0000
commit	cac4fb58e02d8cf799d75212179f56c69e652ec7 (patch)
tree	d96dd01b03818cc88755fee7fe19d28d3ed9b43e /crypto/dsa/dsa_ossl.c
parent	9e5fe439b4e8fb4198f241f2ba16a029a480d5f5 (diff)