diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-09-16 05:23:44 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2013-09-22 18:25:58 +0100 |
| commit | b49df9502e25a8590ea0ef8088bac54f2d6d2bb2 (patch) | |
| tree | 84eb573e6fb6a294e401ca5055491437ee87e6c1 /crypto/rand/rand_lib.c | |
| parent | 7560f63909bdb1baa751eadc7538e44f27c3f731 (diff) | |
Disable Dual EC DRBG.
Return an error if an attempt is made to enable the Dual EC DRBG: it
is not used by default.
(cherry picked from commit a4870de5aaef562c0947494b410a2387f3a6d04d)
Diffstat (limited to 'crypto/rand/rand_lib.c')
| -rw-r--r-- | crypto/rand/rand_lib.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 476a0cd187..5ac0e14caf 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -269,6 +269,14 @@ int RAND_init_fips(void) DRBG_CTX *dctx; size_t plen; unsigned char pers[32], *p; +#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG + if (fips_drbg_type >> 16) + { + RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED); + return 0; + } +#endif + dctx = FIPS_get_default_drbg(); if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { |