authorAdam Langley <agl@chromium.org>2013-01-24 16:27:28 -0500
committerBen Laurie <ben@links.org>2013-06-13 17:26:07 +0100
commit8a99cb29d1f0013243a532bccc1dc70ed678eebe (patch)
treee29022ee28dbc0e6507597b2baf094760924f421 /crypto/bn/bn.h
parent64a786a292e301bfbcb269cd2bff0533503d5b8b (diff)
Add secure DSA nonce flag.
This change adds the option to calculate (EC)DSA nonces by hashing the message and private key along with entropy to avoid leaking the private key if the PRNG fails.
Diffstat (limited to 'crypto/bn/bn.h')
-rw-r--r--crypto/bn/bn.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index d7397cae8b..7c23c01c2f 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -676,6 +676,10 @@ const BIGNUM *BN_get0_nist_prime_521(void);
int (*BN_nist_mod_func(const BIGNUM *p))(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx);
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
+ const unsigned char *message, size_t message_len,
+ BN_CTX *ctx);
+
/* library internal functions */
#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
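Review bot: The new `BN_generate_dsa_nonce` prototype has no comment, so the header gives callers no contract for a function that takes the private key as an input. I would add a short comment above it, e.g. `/* BN_generate_dsa_nonce sets |out| to a nonce in [0, range) derived from |priv|, |message| and fresh entropy; returns 1 on success, 0 on error. */`. The interval and return convention are inferred from the commit description and the usual BN convention, so confirm them against the implementation. The comment should also say whether `message` is the raw message or its digest, and state the size limit on `priv` that `BN_R_PRIVATE_KEY_TOO_LARGE` in the second hunk implies. Without that limit a caller cannot tell in advance which keys will be rejected.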
@@ -868,6 +872,7 @@ void ERR_load_BN_strings(void);
#define BN_R_NOT_INITIALIZED 107
#define BN_R_NO_INVERSE 108
#define BN_R_NO_SOLUTION 116
+#define BN_R_PRIVATE_KEY_TOO_LARGE 117
#define BN_R_P_IS_NOT_PRIME 112
#define BN_R_TOO_MANY_ITERATIONS 113
#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109