Use safer deterministic function in psa_ecdsa_sign

2025-02-02 08:51:03 +00:00 · 2019-09-05 14:06:34 +01:00 · 2019-09-05 14:06:34 +01:00 · 5e843fa133
parent 75f2c20f9c
commit 5e843fa133
1 changed files with 5 additions and 3 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -3271,9 +3271,11 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
        psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
        mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp->grp, &r, &s, &ecp->d,
-                                                 hash, hash_length,
-                                                 md_alg ) );
+        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s,
+                                                     &ecp->d, hash,
+                                                     hash_length, md_alg,
+                                                     mbedtls_ctr_drbg_random,
+                                                     &global_data.ctr_drbg ) );
    }
    else
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */