author | Adam Langley <agl@chromium.org> | 2013-07-15 12:42:15 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-07-15 12:57:48 +0100 |
commit | 190c615d4398cc6c8b61eb7881d7409314529a75 (patch) | |
tree | 364615b71860e8587e36c1031de887ae32cb2811 /crypto/dsa/dsa_ossl.c | |
parent | 5c57c69f9ebcc933161a24d77f87f17011c9977b (diff) | |
Make `safe' (EC)DSA nonces the default.
This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.
In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.
Diffstat (limited to 'crypto/dsa/dsa_ossl.c')
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index d1f8060..fb82c16 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -72,9 +72,10 @@
 #endif
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- BIGNUM **kinvp, BIGNUM **rp,
- const unsigned char *dgst, int dlen);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_sign_setup_with_digest(DSA *dsa, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp,
+ const unsigned char *dgst, int dlen);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa);
 static int dsa_init(DSA *dsa);
@@ -178,7 +179,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 redo:
 if ((dsa->kinv == NULL) || (dsa->r == NULL))
 {
- if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r,dgst,dlen))
+ if (!dsa_sign_setup_with_digest(dsa,ctx,&kinv,&r,dgst,dlen))
 goto err;
 }
 else
@@ -239,8 +240,13 @@ err:
 }
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- BIGNUM **kinvp, BIGNUM **rp,
- const unsigned char *dgst, int dlen)
+ BIGNUM **kinvp, BIGNUM **rp) {
+ return dsa_sign_setup_with_digest(dsa, ctx_in, kinvp, rp, NULL, 0);
+}
+
+static int dsa_sign_setup_with_digest(DSA *dsa, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp,
+ const unsigned char *dgst, int dlen)
 {
 BN_CTX *ctx;
 BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
@@ -268,11 +274,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
 do
 {
 #ifndef OPENSSL_NO_SHA512
- if (dsa->flags & DSA_FLAG_NONCE_FROM_HASH)
+ if (dgst != NULL)
 {
- /* If DSA_FLAG_NONCE_FROM_HASH is set then we calculate k from
- * SHA512(private_key + H(message) + random). This protects the
- * private key from a weak PRNG. */
+ /* We calculate k from SHA512(private_key + H(message)
+ * + random). This protects the private key from a weak
+ * PRNG. */
 if (!BN_generate_dsa_nonce(&k, dsa->q, dsa->priv_key, dgst, dlen, ctx))
 goto err; |
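Review bot: The call in dsa_do_sign now goes straight to the file-local `dsa_sign_setup_with_digest` rather than through `dsa->meth->dsa_sign_setup`, so a DSA_METHOD that replaces only the setup hook but reuses this signing routine would no longer have its hook run from here. Whether such a method exists cannot be told from this hunk, but the bypass is a behaviour change that should be stated at the call site. A comment such as `/* Deliberately not dsa->meth->dsa_sign_setup: the method hook carries no digest argument. */` would record the intent. dsa_do_sign starts and ends outside the hunk.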
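Review bot: The new `dsa_sign_setup` wrapper forwards `NULL, 0`, so callers that precompute kinv and r through the method hook take the `dgst == NULL` path and presumably get a nonce that depends on the RNG alone. The weak-PRNG protection named in the commit title therefore does not cover that path, and nothing in the wrapper says so. I would add a comment above it, for example `/* No digest is available here: k comes from the RNG only, without the SHA-512 hardening. */`. The fallback branch itself lies outside the visible hunks, so the exact behaviour there should be confirmed.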
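Review bot: The `dgst != NULL` test sits inside `#ifndef OPENSSL_NO_SHA512`, so a build with OPENSSL_NO_SHA512 defined presumably falls back to the random-only nonce with no indication, even though the commit calls the hashed nonce the default. A comment ahead of the `#ifndef` would make that visible, for example `/* Without SHA-512 the nonce is purely random, even when a digest is supplied. */`. Separately, `dlen` is handed to BN_generate_dsa_nonce without a sign check, and that function's handling of a non-positive length is not visible here. `if (dgst != NULL && dlen > 0)` would keep such a value away from it. The loop and the rest of dsa_sign_setup_with_digest continue outside the hunk.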