The signature algorithms (DSA or ECDSA) all require a random number. If this random number can be guessed, the signature becomes weak and the private key can be recovered (cf. the Sony PS3 signature affair).
It seems that this random number cannot be set at signature time (functions RSA_PKCS1v15_Sign or ECDSAsign) and the security in non hardware-RNG mode likely relies on the pseudo-random generator and on its initialization (as this is usually difficult to get properly done).
It would be a nice improvement to the library to add this capability via an extra argument, as one could use a value like HMAC(message,priv_key) as this is done in ED25519 and in some systems.
Does anyone have experience with the quality of the signatures in the different modes (hardware and firmware RNG)?
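The deterministic-nonce idea raised in the post (derive k from the private key and the message instead of from an RNG) is standardized as RFC 6979, which feeds both into an HMAC-based DRBG. The following is an added example, not code from the library discussed in the thread: a self-contained ECDSA-over-P-256 signer in which k comes from RFC 6979 section 3.2 with HMAC-SHA256, so the signature depends on no RNG at all and is identical on every run. The curve constants are the standard NIST P-256 values; the function names (`rfc6979_nonce`, `sign`, `verify`) and the demo key, which is derived from a fixed label, are this example's own. The arithmetic is plain affine and not constant-time, which is fine for seeing the construction but not for a production signer.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (standard values).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
QLEN = N.bit_length()        # 256 bits
RLEN = (QLEN + 7) // 8       # 32 bytes


def ec_add(p1, p2):
    """Affine point addition on P-256; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                        # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P       # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def bits2int(data):
    """RFC 6979 bits2int: keep only the leftmost QLEN bits of the input."""
    value = int.from_bytes(data, "big")
    blen = len(data) * 8
    return value >> (blen - QLEN) if blen > QLEN else value


def rfc6979_nonce(priv, msg_hash):
    """Derive k from (priv, H(m)) with HMAC-SHA256, per RFC 6979 section 3.2."""
    def mac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()
    # int2octets(priv) || bits2octets(h1): the secret material the DRBG is seeded with.
    seed = priv.to_bytes(RLEN, "big") + (bits2int(msg_hash) % N).to_bytes(RLEN, "big")
    v = b"\x01" * 32
    k = b"\x00" * 32
    k = mac(k, v + b"\x00" + seed)
    v = mac(k, v)
    k = mac(k, v + b"\x01" + seed)
    v = mac(k, v)
    while True:
        t = b""
        while len(t) < RLEN:
            v = mac(k, v)
            t += v
        cand = bits2int(t)
        if 1 <= cand < N:                # candidate must lie in [1, N-1]
            return cand
        k = mac(k, v + b"\x00")          # otherwise re-key and try again
        v = mac(k, v)


def sign(priv, message):
    """Deterministic ECDSA over P-256 with SHA-256; returns (r, s)."""
    h = hashlib.sha256(message).digest()
    e = bits2int(h)
    k = rfc6979_nonce(priv, h)           # no RNG involved at all
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * priv) % N
    return r, s


def verify(pub, message, sig):
    """Standard ECDSA verification; independent of how k was chosen."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = bits2int(hashlib.sha256(message).digest())
    w = pow(s, -1, N)
    point = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


# Constructed demo key, derived from a fixed label so every run is reproducible.
DEMO_PRIV = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % (N - 1) + 1
DEMO_PUB = ec_mul(DEMO_PRIV, G)

if __name__ == "__main__":
    sig1 = sign(DEMO_PRIV, b"sample")
    sig2 = sign(DEMO_PRIV, b"sample")
    sig3 = sign(DEMO_PRIV, b"test")
    print("same message -> same signature:", sig1 == sig2)
    print("different message -> different r:", sig1[0] != sig3[0])
    print("signature verifies:", verify(DEMO_PUB, b"sample", sig1))
```

Two things are worth noticing when running it. Signing the same message twice yields byte-identical signatures, so a broken or unseeded RNG can no longer produce a repeated or guessable k; and the verifier is the unmodified ECDSA procedure, so a library that adopted this internally would stay wire-compatible with every existing verifier. The trade-off is that k now depends on the private key being processed through HMAC, so the nonce derivation must be implemented with the same side-channel care as the signing scalar itself.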