projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add secure DSA nonce flag.
[openssl.git]
/
crypto
/
dsa
/
dsa_sign.c
diff --git
a/crypto/dsa/dsa_sign.c
b/crypto/dsa/dsa_sign.c
index e9469ca62fd6f8a95c19323c3ad8178da1b50063..b7e4caab2aff91ac2d37ced1621f080ef717ce78 100644
(file)
--- a/
crypto/dsa/dsa_sign.c
+++ b/
crypto/dsa/dsa_sign.c
@@
-58,36
+58,26
@@
/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-#include <stdio.h>
+#define OPENSSL_FIPSAPI
+
#include "cryptlib.h"
#include "cryptlib.h"
-#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/engine.h>
+#include <openssl/bn.h>
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
- unsigned int *siglen, DSA *dsa)
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
{
- DSA_SIG *s;
- s=DSA_do_sign(dgst,dlen,dsa);
- if (s == NULL)
+ if (dsa->flags & DSA_FLAG_NONCE_FROM_HASH)
{
{
- *siglen=0;
- return(0);
+ /* One cannot precompute the DSA nonce if it is required to
+ * depend on the message. */
+ DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NONCE_CANNOT_BE_PRECOMPUTED);
+ return 0;
}
}
- *siglen=i2d_DSA_SIG(s,&sig);
- DSA_SIG_free(s);
- return(1);
+ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
}
}
-
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- {
- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
- }
-