diff options
| author | James Muir <muir.james.a@gmail.com> | 2022-10-15 22:23:39 -0400 |
|---|---|---|
| committer | Hugo Landau <hlandau@openssl.org> | 2023-01-13 07:09:09 +0000 |
| commit | 836080a89a1f5e45dac4e0df76b9270587f65d5b (patch) | |
| tree | 72abd378cbb77d89d85c3d1dcb14c7e92d0653a0 /providers/common | |
| parent | 9fa553247874728cee8ca0ece9aaed476eb0f303 (diff) | |
| download | openssl-new-836080a89a1f5e45dac4e0df76b9270587f65d5b.tar.gz | |
Support all five EdDSA instances from RFC 8032
Fixes #6277
Description:
Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519,
Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs.
The desired EdDSA instance is specified via an OSSL_PARAM.
All instances, except for Ed25519, allow context strings as input.
Context strings are passed via an OSSL_PARAM. For Ed25519ctx, the
context string must be nonempty.
Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that
the full message (not a digest) must be passed to sign and verify
operations.
Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input
message is hashed before sign and verify.
Testing:
All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt
(thanks to Shane Lontis for showing how to do that). Those 21 test
vectors are exercised by evp_test.c and cover all five instances.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19705)
Diffstat (limited to 'providers/common')
0 files changed, 0 insertions, 0 deletions