From 5e843fa133e01fd852e9b0a69709a66b1c4b7fbf Mon Sep 17 00:00:00 2001
From: Darryl Green <darryl.green@arm.com>
Date: Thu, 5 Sep 2019 14:06:34 +0100
Subject: [PATCH] Use safer deterministic function in psa_ecdsa_sign

---
 library/psa_crypto.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ef2d50e62..a80f13de3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3271,9 +3271,11 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
         psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
         const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
         mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp->grp, &r, &s, &ecp->d,
-                                                 hash, hash_length,
-                                                 md_alg ) );
+        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s,
+                                                     &ecp->d, hash,
+                                                     hash_length, md_alg,
+                                                     mbedtls_ctr_drbg_random,
+                                                     &global_data.ctr_drbg ) );
     }
     else
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */