authorAdam Langley <agl@chromium.org>2013-01-24 22:27:28 +0100
committerBen Laurie <ben@links.org>2013-06-13 18:26:07 +0200
commit8a99cb29d1f0013243a532bccc1dc70ed678eebe (patch)
treee29022ee28dbc0e6507597b2baf094760924f421 /crypto/ec/ec.h
parentLimit the number of empty records that will be processed consecutively (diff)
Add secure DSA nonce flag.
This change adds the option to calculate (EC)DSA nonces by hashing the message and private key along with entropy to avoid leaking the private key if the PRNG fails.
Diffstat (limited to 'crypto/ec/ec.h')
-rw-r--r--crypto/ec/ec.h11
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 0dcad23294..17fc91c94d 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -823,6 +823,17 @@ void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
/* wrapper functions for the underlying EC_GROUP object */
void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+/** Sets whether ECDSA operations with the given key will calculate their k
+ * value from SHA512(private_key + message + random) in order to protect
+ * against a weak PRNG.
+ * \param on Whether to calculate k from a hash or not
+ */
+void EC_KEY_set_nonce_from_hash(EC_KEY *key, int on);
+
+/** Returns the value of nonce_from_hash
+ */
+int EC_KEY_get_nonce_from_hash(const EC_KEY *key);
+
/** Creates a table of pre-computed multiples of the generator to
* accelerate further EC_KEY operations.
* \param key EC_KEY object
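Review bot: The new doc comments on `EC_KEY_set_nonce_from_hash` and `EC_KEY_get_nonce_from_hash` omit what a caller relying on this protection needs to know: the setter documents `on` but not `key`, and neither comment states the flag's default or what the getter returns. Following the `\param key EC_KEY object` form used by the next declaration in this hunk, I would add `\param key EC_KEY object` to both comments and `\return non-zero if k is derived from the hash, 0 otherwise` to the getter (the actual return values are not visible in this header, so confirm against the implementation). The setter comment should also state the default, presumably off since the commit message describes this as an option, because a key that never has the flag set still depends entirely on the PRNG for k. It would also help to say whether `message` in `SHA512(private_key + message + random)` is the raw message or the digest handed to the signing call, and that `+` means concatenation.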