| #
4d1810fa |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in curve22519
ok tb@
|
| #
64ed187e |
| 02-Apr-2023 |
tb <tb@openbsd.org> |
Revert r1.9 and reinstate r1.6
The argument change to x5519_ge_scalarmult_base() was made to match the
prototype in the header. More recent compilers warn about such ptr vs
array mismatches.
|
| #
21b5f757 |
| 17-Nov-2022 |
tb <tb@openbsd.org> |
Prevent Ed25519 signature malleability
Add a check that ensures that the upper half s of an Ed25519 signature is
bounded by the group order, i.e, 0 <= s < order. This is required by the
Verify proce
Prevent Ed25519 signature malleability
Add a check that ensures that the upper half s of an Ed25519 signature is
bounded by the group order, i.e, 0 <= s < order. This is required by the
Verify procedure in RFC 8032, section 5.1.7, step 1, and prevents simple
modifications of signatures such as adding (a multiple of) the group order
to the upper half of the signature.
Found with EdDSA testcase 63 of project Wycheproof.
ok beck jsing
show more ...
|
| #
ab3ec570 |
| 09-Nov-2022 |
jsing <jsing@openbsd.org> |
Make X25519_public_from_private() internally reachable.
|
| #
bbbda117 |
| 09-Nov-2022 |
jsing <jsing@openbsd.org> |
Rename public_value to public_key for consistency.
ok tb@
|
| #
5b0711d2 |
| 09-Nov-2022 |
jsing <jsing@openbsd.org> |
Rework ED25519 API.
BoringSSL implemented a compound private key, which includes a copy of the
public key as a performance optimisation for signing. However, this does
not readily match with how EVP
Rework ED25519 API.
BoringSSL implemented a compound private key, which includes a copy of the
public key as a performance optimisation for signing. However, this does
not readily match with how EVP works, makes the ED25519 API inconsistent
with the X25519 API, diverges from th RFC and does not align with the
OpenSSL API. Instead, the caller can readily compute the public key and
pass this in to the signing process.
ok tb@
show more ...
|
| #
dac51b63 |
| 08-Nov-2022 |
jsing <jsing@openbsd.org> |
Refactor/split ED25519_keypair.
This brings in ED25519_keypair_from_seed() from BoringSSL commit
c034e2d3ce16, which ED25519_keypair then wraps. This reduces differences
between us and BoringSSL.
|
| #
f3dd7755 |
| 08-Nov-2022 |
jsing <jsing@openbsd.org> |
Change function argument to reduce differences with BoringSSL.
|
| #
0824b0ca |
| 08-Nov-2022 |
jsing <jsing@openbsd.org> |
Remove pointless loops.
From BoringSSL 997c706d43504.
|
| #
adc9c116 |
| 06-Nov-2022 |
jsing <jsing@openbsd.org> |
Enable Ed25519 internal to libcrypto.
Based on a diff from tb@
|
| #
c8253121 |
| 08-Feb-2022 |
tb <tb@openbsd.org> |
Change second argument of x25519_ge_scalarmult_base() from
a 'const uint8_t *a' to a 'const uint8_t a[32]' to match
the prototype in curve25519_internal.h and the other variant
inside OPENSSL_SMALL.
Change second argument of x25519_ge_scalarmult_base() from
a 'const uint8_t *a' to a 'const uint8_t a[32]' to match
the prototype in curve25519_internal.h and the other variant
inside OPENSSL_SMALL.
ok millert
show more ...
|
| #
694cb796 |
| 11-May-2019 |
tb <tb@openbsd.org> |
$OpenBSD$
|
| #
a878ae04 |
| 17-Dec-2016 |
jsing <jsing@openbsd.org> |
Define X25519_KEY_LENGTH and use it so we have fewer magic numbers.
ok beck@
|
| #
d3465008 |
| 06-Nov-2016 |
jsing <jsing@openbsd.org> |
Avoid compiling in an unused function.
Spotted by guenther@
|
| #
62d864d1 |
| 06-Nov-2016 |
bcook <bcook@openbsd.org> |
adjust guards to elide unused Bi array
ok jsing@
|
| #
5f5d09a5 |
| 05-Nov-2016 |
jsing <jsing@openbsd.org> |
Add support for X25519.
This brings in code from BoringSSL, which is mostly taken from SUPERCOP.
ok beck@ bcook@
|