From: Nicola Tuveri Date: Tue, 12 Jun 2018 13:28:25 +0000 (+0300) Subject: Warn against nonce reuse in DSA_sign_setup() doc X-Git-Tag: OpenSSL_1_0_2p~38 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=fc4b2bf9ff2c98bd9dde487e41e0eb26664c08ff;p=oweals%2Fopenssl.git Warn against nonce reuse in DSA_sign_setup() doc Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6465) --- diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod index 5dfc733b20..340d19524f 100644 --- a/doc/crypto/DSA_do_sign.pod +++ b/doc/crypto/DSA_do_sign.pod @@ -20,8 +20,8 @@ digest B using the private key B and returns it in a newly allocated B structure. L may be used to precompute part -of the signing operation in case signature generation is -time-critical. +of the signing operation for each signature in case signature generation +is time-critical. DSA_do_verify() verifies that the signature B matches a given message digest B of size B. B is the signer's public diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod index 97389e8ec8..cd45ec542b 100644 --- a/doc/crypto/DSA_sign.pod +++ b/doc/crypto/DSA_sign.pod @@ -31,6 +31,10 @@ in newly allocated Bs at *B and *B, after freeing the old ones unless *B and *B are NULL. These values may be passed to DSA_sign() in Bkinv> and Br>. B is a pre-allocated B or NULL. +The precomputed values from DSA_sign_setup() B for +more than one signature: using the same Bkinv> and +Br> pair twice under the same private key on different +plaintexts will result in permanently exposing the DSA private key. DSA_verify() verifies that the signature B of size B matches a given message digest B of size B.
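Review bot: in the doc/crypto/DSA_do_sign.pod hunk, the reworded sentence "to precompute part of the signing operation for each signature" hints that the precomputation is per-signature but never says that the precomputed values must not be reused, so a reader who only opens this page misses the warning that the DSA_sign.pod hunk adds. Suggest stating the restriction here too, or pointing to the DSA_sign page for it, for example by continuing the sentence with "the precomputed values must not be used for more than one signature".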
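Review bot: in the doc/crypto/DSA_sign.pod hunk, the added warning speaks of "different plaintexts", while the context lines of the same page describe the input as a "message digest"; "different message digests" would match the page's own terminology and what the function is actually given. The paragraph also states only the consequence of reuse. It would help to add the positive instruction, namely that DSA_sign_setup() has to be called again before each signature that relies on precomputed values, so the safe calling pattern is spelled out next to the warning.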